Bug with phpBB authenticator

Ice/DBus, Web-Interfaces, Management tools

Bug with phpBB authenticator

Postby tomdarkness » Sun Apr 11, 2010 3:36 pm

Hey,

If someone enters a none-ASCII character in their password it causes the authenticator to crash:

Code: Select all
 WARNING dispatch exception: Util.cpp:169: Ice::UnknownException:
unknown exception:
Traceback (most recent call last):
  File "phpBB3auth.py", line 293, in authenticate
    if phpbb_check_hash(pw, upw):
  File "phpBB3auth.py", line 627, in phpbb_check_hash
    return _hash_crypt_private(password, hash, itoa64) == hash
  File "phpBB3auth.py", line 608, in _hash_crypt_private
    hash = md5(salt + password).digest()
UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 1: ordinal not in range(128)

identity: F84AFC7B-D416-42D8-8FBF-DBFBF268145F
facet:
operation: authenticate


Effectively causing a DoS attack as no-one can login to the server.

How can this be fixed?

Thanks,

Tom
tomdarkness
 
Posts: 14
Joined: Sun Apr 11, 2010 3:33 pm

Re: Bug with phpBB authenticator

Postby hacst » Sun Apr 11, 2010 6:41 pm

Sorry. I cannot reproduce this issue on win7 or ubuntu 9.10. Can you please give additional information on your environment? Which operating system, python version, mysql version, python-ice version are you running this on?
hacst
Team member
Team member
 
Posts: 339
Joined: Wed Sep 23, 2009 4:28 pm


Return to Scripting

Who is online

Users browsing this forum: No registered users and 1 guest

cron