- Patch #590656 by pwolanin, Pasqualle: harden one-time login links against vulnerability from disclosure of SQL backups, or SQL 'SELECT' injection.

author: Dries Buytaert <dries@buytaert.net> 2010-01-14 18:45:17 +0000
committer: Dries Buytaert <dries@buytaert.net> 2010-01-14 18:45:17 +0000
commit: f818dfe90847f350167055f6207befdc2e4e0f14 (patch)
tree: 69dbd521a79b971912f53bca339fa5060c62cbb8 /modules
parent: 913f2c3a3e3ed55b33f2fffeeec407520aa5d62a (diff)
download: brdo-f818dfe90847f350167055f6207befdc2e4e0f14.tar.gz
brdo-f818dfe90847f350167055f6207befdc2e4e0f14.tar.bz2
1 files changed, 2 insertions, 1 deletions
diff --git a/modules/user/user.module b/modules/user/user.module
index ee9e5287f..993b13f58 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -2029,7 +2029,8 @@ function user_cancel_url($account) {
 }
 
 function user_pass_rehash($password, $timestamp, $login) {
-  return md5($timestamp . $password . $login);
+  // A single md5() is vulnerable to length-extension attacks, so use it twice.
+  return md5(drupal_get_hash_salt() . md5($timestamp . $password . $login));
 }
 
 /**
author	Dries Buytaert <dries@buytaert.net>	2010-01-14 18:45:17 +0000
committer	Dries Buytaert <dries@buytaert.net>	2010-01-14 18:45:17 +0000
commit	f818dfe90847f350167055f6207befdc2e4e0f14 (patch)
tree	69dbd521a79b971912f53bca339fa5060c62cbb8 /modules
parent	913f2c3a3e3ed55b33f2fffeeec407520aa5d62a (diff)
download	brdo-f818dfe90847f350167055f6207befdc2e4e0f14.tar.gz brdo-f818dfe90847f350167055f6207befdc2e4e0f14.tar.bz2