You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@couchdb.apache.org by Benoit Chesneau <bc...@gmail.com> on 2014/04/06 09:29:42 UTC

Re: couchdb commit: updated refs/heads/COUCHDB-2221 to 006d819

+1

On Sunday, April 6, 2014, <wo...@apache.org> wrote:

> Repository: couchdb
> Updated Branches:
>   refs/heads/COUCHDB-2221 [created] 006d81965
>
>
> Protect against _users doc iterations as string (pbkdf2)
>
>
> Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
> Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/006d8196
> Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/006d8196
> Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/006d8196
>
> Branch: refs/heads/COUCHDB-2221
> Commit: 006d81965d9d09d3fe97a45c973198dc166dafda
> Parents: 9f6a919
> Author: Joan Touzet <wohali@apache.org <javascript:;>>
> Authored: Sat Apr 5 22:16:12 2014 -0400
> Committer: Joan Touzet <wohali@apache.org <javascript:;>>
> Committed: Sat Apr 5 22:16:12 2014 -0400
>
> ----------------------------------------------------------------------
>  src/couchdb/couch_httpd_auth.erl | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> ----------------------------------------------------------------------
>
>
>
> http://git-wip-us.apache.org/repos/asf/couchdb/blob/006d8196/src/couchdb/couch_httpd_auth.erl
> ----------------------------------------------------------------------
> diff --git a/src/couchdb/couch_httpd_auth.erl
> b/src/couchdb/couch_httpd_auth.erl
> index 08841fb..abc2054 100644
> --- a/src/couchdb/couch_httpd_auth.erl
> +++ b/src/couchdb/couch_httpd_auth.erl
> @@ -367,7 +367,9 @@ authenticate(Pass, UserProps) ->
>              {couch_passwords:simple(Pass, UserSalt),
>              couch_util:get_value(<<"password_sha">>, UserProps, nil)};
>          <<"pbkdf2">> ->
> -            Iterations = couch_util:get_value(<<"iterations">>,
> UserProps, 10000),
> +            Iterations = couch_util:to_integer(
> +                    couch_util:get_value(<<"iterations">>, UserProps,
> 10000)
> +            ),
>              {couch_passwords:pbkdf2(Pass, UserSalt, Iterations),
>               couch_util:get_value(<<"derived_key">>, UserProps, nil)}
>      end,
>
>