
Randomly generate a salt when the salt is '' or null.

This prevents an issue where any value was accepted as a password when '' was the stored (hashed) password being verified against.

Refs #8650
markstory committed Apr 16, 2016
1 parent c6d5bfb commit 8b5023282e8b436485340998a38773a28d04e50a
Showing with 22 additions and 2 deletions.
  1. +21 −1 lib/Cake/Test/Case/Utility/SecurityTest.php
  2. +1 −1 lib/Cake/Utility/Security.php
@@ -151,16 +151,36 @@ public function testHash() {
Security::setHash($_hashType);
}
/**
* Test that blowfish doesn't return '' when the salt is ''
*
* @return void
*/
public function testHashBlowfishEmptySalt() {
$test = Security::hash('password', 'blowfish');
$this->skipIf(strpos($test, '$2a$') === false, 'Blowfish hashes are incorrect.');
$stored = '';
$hash = Security::hash('anything', 'blowfish', $stored);
$this->assertNotEquals($stored, $hash);
$hash = Security::hash('anything', 'blowfish', false);
$this->assertNotEquals($stored, $hash);
$hash = Security::hash('anything', 'blowfish', null);
$this->assertNotEquals($stored, $hash);
}
/**
* Test that hash() works with blowfish.
*
* @return void
*/
public function testHashBlowfish() {
Security::setCost(10);
$test = Security::hash('password', 'blowfish');
$this->skipIf(strpos($test, '$2a$') === false, 'Blowfish hashes are incorrect.');
Security::setCost(10);
$_hashType = Security::$hashType;
$key = 'someKey';
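Review bot: The three `assertNotEquals($stored, $hash)` checks in testHashBlowfishEmptySalt only prove the result is not the empty string; a `'*0'` failure string from `crypt()` or any other garbage would pass as well, so the test does not actually pin that a random blowfish salt was generated. Assert the shape instead, e.g. `$this->assertRegExp('/^\$2a\$\d{2}\$[.\/0-9A-Za-z]{53}$/', $hash);` after each call, and assert that two calls with the same password give different hashes so the salt is shown to be random rather than fixed. The `false` and `null` cases currently compare against `$stored = ''` rather than against the value they passed, which is fine but worth a one-line comment. The enclosing SecurityTest class continues outside what is shown, and the hunk's line counts suggest some of its context lines are not rendered here.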
@@ -303,7 +303,7 @@ protected static function _salt($length = 22) {
* @return string The hashed string or an empty string on error.
*/
protected static function _crypt($password, $salt = false) {
if ($salt === false) {
if ($salt === false || $salt === null || $salt === '') {
$salt = static::_salt(22);
$salt = vsprintf('$2a$%02d$%s', array(static::$hashCost, $salt));
}
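Review bot: The widened condition on the `if` line silently substitutes a random salt when a caller passes `''` or `null` as the stored hash, but nothing in the hunk records why, so a later cleanup to `if (!$salt)` or `empty($salt)` would look equivalent and quietly widen the rule to `'0'`/`0` as well. Add a why-comment above it: `// An empty or null salt must never reach crypt(): with '' as the stored hash, the hash of any password compared equal to it (refs #8650).` The rest of `_crypt`, including the `crypt()` call and its return, is outside the hunk, so whether a non-empty but malformed salt still yields crypt()'s `'*0'` failure string rather than the empty string promised by the `@return` docblock cannot be checked here. Independently of this fix, callers verifying passwords should compare hashes with `hash_equals()` rather than a plain equality operator.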
