From 1879a49506bc222bff3571ddcf924d0224f27f81 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 10 Mar 2011 20:40:12 +0000 Subject: [PATCH] fix for a bug reported by andreoaz@gmail.com --- doc/THANKS | 3 +++ lib/utils/hash.py | 7 ++++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/doc/THANKS b/doc/THANKS index a27517540..cddce6e70 100644 --- a/doc/THANKS +++ b/doc/THANKS @@ -359,6 +359,9 @@ Sumit Siddharth for providing me with ideas on the implementation of a couple of features +Andre Silva + for reporting a bug + M Simkin for suggesting a feature diff --git a/lib/utils/hash.py b/lib/utils/hash.py index abb70930b..a9d697766 100644 --- a/lib/utils/hash.py +++ b/lib/utils/hash.py @@ -28,6 +28,7 @@ from lib.core.common import paths from lib.core.common import readInput from lib.core.convert import hexdecode from lib.core.convert import hexencode +from lib.core.convert import utf8encode from lib.core.data import kb from lib.core.data import logger from lib.core.enums import DBMS @@ -99,7 +100,7 @@ def mssql_passwd(password, salt, uppercase=False): """ binsalt = hexdecode(salt) - unistr = "".join("%s\0" % c for c in password) + unistr = "".join(map(lambda c: ("%s\0" if ord(c) < 256 else "%s") % utf8encode(c), password)) retVal = "0100%s%s" % (salt, sha1(unistr + binsalt).hexdigest()) @@ -117,7 +118,7 @@ def mssql_old_passwd(password, salt, uppercase=True): # prior to version '2005' """ binsalt = hexdecode(salt) - unistr = "".join("%s\0" % c for c in password) + unistr = "".join(map(lambda c: ("%s\0" if ord(c) < 256 else "%s") % utf8encode(c), password)) retVal = "0100%s%s%s" % (salt, sha1(unistr + binsalt).hexdigest(), sha1(unistr.upper() + binsalt).hexdigest()) @@ -136,7 +137,7 @@ def oracle_passwd(password, salt, uppercase=True): binsalt = hexdecode(salt) - retVal="s:%s%s" % (sha1(password + binsalt).hexdigest(), salt) + retVal="s:%s%s" % (sha1(utf8encode(password) + binsalt).hexdigest(), salt) return retVal.upper() if uppercase else retVal.lower()