Commit aceb897e by Kálmán Viktor

common: eliminate security risk

parent 4d63a446
......@@ -51,12 +51,7 @@ class Saml2Backend(Saml2BackendBase):
if max_length > 0 and len(attr) > max_length:
logger.info("Main attribute '%s' is too long." % attr)
hashed = sha.new(attr).hexdigest()
if "@" in attr:
domain = attr.rsplit("@", 1)[1]
attr = "%s@%s" % (hashed[:max_length-1-len(domain)],
domain)
else:
attr = hashed[:max_length]
attr = hashed[:max_length]
logger.info("New main attribute: %s" % attr)
return attr
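Review bot: The shortened identifier produced by `attr = hashed[:max_length]` is a prefix of a SHA-1 hex digest, so each kept character carries only 4 bits. With a small `max_length`, two different long main attributes can shorten to the same value and would then resolve to the same local account. I would switch the digest line to `hashed = hashlib.sha256(attr).hexdigest()`, since the `sha` module is deprecated in favour of `hashlib`, and fail rather than truncate when `max_length` is below a floor the project chooses. The commit message does not say which risk is being removed, so a comment above the truncation such as `# Do not keep the "@domain" suffix: the shortened name must be derived from the hash only` would record the intent. The enclosing method starts above this hunk, so how `max_length` is obtained is not visible here.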