Fix for KeyStore DoS vulnerability #202
Codecov Report
@@ Coverage Diff @@
## master #202 +/- ##
===================================================
- Coverage 60.45730% 60.41642% -0.04088%
===================================================
Files 246 246
Lines 16663 16666 +3
===================================================
- Hits 10074 10069 -5
- Misses 5678 5683 +5
- Partials 911 914 +3
Duplicating the if function is not very nice and the change also requires code comments to say why the checked password is being truncated. Would you update the code to something like the following;
That would overflow too, so remove
Hi @swdee
Almost there, the last thing needed is for the code changes to be run through Once that is done, it looks good from my eyes. Thanks for your testing and contribution.
@swdee Fixed it. Thanks again
Thank you both for looking into this. LGTM
#195