handling null-values for salts properly now - fixes gh-4147
parent
f94399cff9
commit
09436649cc
|
@ -532,8 +532,9 @@ public class BCrypt {
|
|||
* @param password the password to hash
|
||||
* @param salt the salt to hash with (perhaps generated using BCrypt.gensalt)
|
||||
* @return the hashed password
|
||||
* @throws IllegalArgumentException if invalid salt is passed
|
||||
*/
|
||||
public static String hashpw(String password, String salt) {
|
||||
public static String hashpw(String password, String salt) throws IllegalArgumentException {
|
||||
BCrypt B;
|
||||
String real_salt;
|
||||
byte passwordb[], saltb[], hashed[];
|
||||
|
@ -541,6 +542,10 @@ public class BCrypt {
|
|||
int rounds, off = 0;
|
||||
StringBuilder rs = new StringBuilder();
|
||||
|
||||
if (salt == null) {
|
||||
throw new IllegalArgumentException("Invalid salt");
|
||||
}
|
||||
|
||||
int saltLength = salt.length();
|
||||
|
||||
if (saltLength < 28) {
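Review bot: `password` gets no guard to match the new `salt == null` check, so a null password presumably still fails with a NullPointerException when it is dereferenced further down in `hashpw` (the body continues outside the hunk), while the Javadoc now advertises only `IllegalArgumentException`. Either reject it the same way, `if (password == null) { throw new IllegalArgumentException("password cannot be null"); }`, or add a Javadoc line stating that `password` must be non-null. The `throws IllegalArgumentException` clause added to the signature is redundant for an unchecked exception, since the new `@throws` tag already documents it. Callers that pass a stored hash as `salt` during verification should treat this exception as a failed match rather than let it surface as a server error.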
|
||||
|
|
|
@ -14,10 +14,11 @@
|
|||
|
||||
package org.springframework.security.crypto.bcrypt;
|
||||
|
||||
import org.junit.Test;
|
||||
|
||||
import java.util.Arrays;
|
||||
|
||||
import org.junit.Test;
|
||||
import static org.assertj.core.api.Assertions.*;
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
|
||||
/**
|
||||
* JUnit unit tests for BCrypt routines
|
||||
|
@ -271,6 +272,11 @@ public class BCryptTests {
|
|||
assertThat(BCrypt.gensalt(31).startsWith("$2a$31$")).isTrue();
|
||||
}
|
||||
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
public void hashpwFailsWhenSaltIsNull() {
|
||||
BCrypt.hashpw("password", null);
|
||||
}
|
||||
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
public void hashpwFailsWhenSaltSpecifiesTooFewRounds() {
|
||||
BCrypt.hashpw("password", "$2a$03$......................");
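Review bot: `hashpwFailsWhenSaltIsNull` covers only a direct `hashpw` call, but a null salt is more likely to arrive in practice through verification against a missing stored hash. Assuming `BCrypt.checkpw` delegates to `hashpw` (not visible on this page), a companion test would pin that path: `@Test(expected = IllegalArgumentException.class) public void checkpwFailsWhenHashIsNull() { BCrypt.checkpw("password", null); }`. The method name is a suggestion, not taken from the project. If `checkpw` is instead meant to return false for a null hash, the test should assert that, so the contract is explicit either way.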
|
||||
|
|