diff options
author | Joan Touzet <wohali@apache.org> | 2014-04-05 22:16:12 -0400 |
---|---|---|
committer | Joan Touzet <wohali@apache.org> | 2014-04-05 22:16:12 -0400 |
commit | 006d81965d9d09d3fe97a45c973198dc166dafda (patch) | |
tree | 5e52d1df122d5eef3b439429f09c2ff67ea8ff33 | |
parent | 9f6a9190f04a23690277888b5ae2413f7cef7a96 (diff) | |
download | couchdb-006d81965d9d09d3fe97a45c973198dc166dafda.tar.gz |
Protect against _users doc iterations as string (pbkdf2)COUCHDB-2221
-rw-r--r-- | src/couchdb/couch_httpd_auth.erl | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/couchdb/couch_httpd_auth.erl b/src/couchdb/couch_httpd_auth.erl index 08841fb67..abc2054ba 100644 --- a/src/couchdb/couch_httpd_auth.erl +++ b/src/couchdb/couch_httpd_auth.erl @@ -367,7 +367,9 @@ authenticate(Pass, UserProps) -> {couch_passwords:simple(Pass, UserSalt), couch_util:get_value(<<"password_sha">>, UserProps, nil)}; <<"pbkdf2">> -> - Iterations = couch_util:get_value(<<"iterations">>, UserProps, 10000), + Iterations = couch_util:to_integer( + couch_util:get_value(<<"iterations">>, UserProps, 10000) + ), {couch_passwords:pbkdf2(Pass, UserSalt, Iterations), couch_util:get_value(<<"derived_key">>, UserProps, nil)} end, |