Commit aceb897e by Kálmán Viktor

common: eliminate security risk

parent 4d63a446
...@@ -51,12 +51,7 @@ class Saml2Backend(Saml2BackendBase): ...@@ -51,12 +51,7 @@ class Saml2Backend(Saml2BackendBase):
if max_length > 0 and len(attr) > max_length: if max_length > 0 and len(attr) > max_length:
logger.info("Main attribute '%s' is too long." % attr) logger.info("Main attribute '%s' is too long." % attr)
hashed = sha.new(attr).hexdigest() hashed = sha.new(attr).hexdigest()
if "@" in attr: attr = hashed[:max_length]
domain = attr.rsplit("@", 1)[1]
attr = "%s@%s" % (hashed[:max_length-1-len(domain)],
domain)
else:
attr = hashed[:max_length]
logger.info("New main attribute: %s" % attr) logger.info("New main attribute: %s" % attr)
return attr return attr
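Review bot: The replacement name built on the `attr = hashed[:max_length]` line is a truncated SHA-1 hex digest, so it carries only 4 × `max_length` bits and shares a namespace with attributes short enough to be used unhashed. Two distinct SAML identities that end up with the same string would resolve to the same local name. Consider `hashed = hashlib.sha256(attr).hexdigest()` in place of the deprecated `sha` module, encoding `attr` to bytes first if it can be unicode, together with a lower bound on `max_length` or a uniqueness check before the value is used. The two `logger.info` calls format eagerly with `%`; `logger.info("Main attribute '%s' is too long.", attr)` is the usual form. The enclosing method starts and ends outside the hunk, so how the returned value is matched to a user is not visible here.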
......