logo

pleroma

My custom branche(s) on git.pleroma.social/pleroma/pleroma git clone https://hacktivis.me/git/pleroma.git
commit: 86e6d395d931f532b18fccdeb65c300b22fbce8a
parent 79d69ce72a4a922d1be8f3aae36d5fff3089fd1c
Author: Mark Felder <feld@feld.me>
Date:   Wed, 14 Feb 2024 17:54:56 -0500

Fix atom leak in password digest functionality

The value here gets passesd to :crypto.pbkdf2_hmac and it expects one of these atoms: :sha | :sha224 | :sha256 | :sha384 | :sha512 so it will always exist

Diffstat:

Mlib/pleroma/password/pbkdf2.ex2+-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/pleroma/password/pbkdf2.ex b/lib/pleroma/password/pbkdf2.ex @@ -28,7 +28,7 @@ defmodule Pleroma.Password.Pbkdf2 do iterations = String.to_integer(iterations) - digest = String.to_atom(digest) + digest = String.to_existing_atom(digest) binary_hash = KeyGenerator.generate(password, salt, digest: digest, iterations: iterations, length: 64)