Prevent hash functions from choking in non ascii decodable input

author: Stefan Hacker <dd0t@users.sourceforge.net> 2010-11-14 22:46:03 +0300
committer: Stefan Hacker <dd0t@users.sourceforge.net> 2010-11-14 22:46:33 +0300
commit: 53a32eb16f95d0665ecde6b158065a896dde38a9 (patch)
tree: 2117d8720d0c179d54204e37e0b5dd459b33891e /Authenticators/phpBB3
parent: 4ccef21a0cc5562814d300491ba20c1bb3e7130d (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/Authenticators/phpBB3/phpBB3auth.py b/Authenticators/phpBB3/phpBB3auth.py
index 965a6ed..e05fb61 100644
--- a/Authenticators/phpBB3/phpBB3auth.py
+++ b/Authenticators/phpBB3/phpBB3auth.py
@@ -744,9 +744,9 @@ def _hash_crypt_private(password, settings, itoa64):
     if len(salt) != 8:
         return output
     
-    hash = md5(salt + password).digest()
+    hash = md5(unicode(salt + password).encode('utf8')).digest()
     while True:
-        hash = md5(hash + password).digest()
+        hash = md5(unicode(hash + password).encode('utf8')).digest()
         count = count - 1
         if count <= 0:
             break
@@ -765,7 +765,7 @@ def phpbb_check_hash(password, hash):
     if len(hash) == 34:
         return _hash_crypt_private(password, hash, itoa64) == hash
 
-    return md5(password).hexdigest() == hash
+    return md5(unicode(password).encode('utf8')).hexdigest() == hash
 
 #
 #--- Start of program
author	Stefan Hacker <dd0t@users.sourceforge.net>	2010-11-14 22:46:03 +0300
committer	Stefan Hacker <dd0t@users.sourceforge.net>	2010-11-14 22:46:33 +0300
commit	53a32eb16f95d0665ecde6b158065a896dde38a9 (patch)
tree	2117d8720d0c179d54204e37e0b5dd459b33891e /Authenticators/phpBB3
parent	4ccef21a0cc5562814d300491ba20c1bb3e7130d (diff)