[Tickets #9145] Crypt Blowfish add an extra \0 character to passwords
bugs at horde.org
bugs at horde.org
Tue Jul 20 19:09:08 UTC 2010
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/9145
------------------------------------------------------------------------------
Ticket | 9145
Created By | rui.carneiro at portugalmail.net
Summary | Crypt Blowfish add an extra \0 character to passwords
Queue | Horde Framework Packages
Version | Git master
Type | Bug
State | Unconfirmed
Priority | 3. High
Milestone |
Patch | 1
Owners |
+New Attachment |
0001-We-should-trim-passwords-before-using-them-http-pear.patch
------------------------------------------------------------------------------
rui.carneiro at portugalmail.net (2010-07-20 15:09) wrote:
http://pear.php.net/bugs/bug.php?id=4747
Quoting: "When the length of a plain string is not a multiple of 8,
decrypt() return a result with a NUL chars block appened to the end
(which length is a multiple of 8)."
----
So if we are decrypting a password not multiple of 8 we should trim
the "\0" from the decrypted result.
I found this bug because i wasn't able to use Horde with an ImapProxy.
More information about the bugs
mailing list