authorRoeland Jago Douma <roeland@famdouma.nl>2019-02-11 23:22:20 +0100
committerRoeland Jago Douma <roeland@famdouma.nl>2019-02-11 23:22:20 +0100
commitf1ea56b5024729e01050249a0c4ee7ac28faca83 (patch)
treee1c868f20d1275262ec2f3ce1e9744cd9a2aeef3 /lib/private/Security
parente3c787682dfebec2c8e4071aa570a7ee9f77ea52 (diff)
Fix the thorrtler whitelist bitmask
Previously, we didn't actually check each bit of the bitmask. Now we do. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Diffstat (limited to 'lib/private/Security')
-rw-r--r--lib/private/Security/Bruteforce/Throttler.php6
1 files changed, 4 insertions, 2 deletions
diff --git a/lib/private/Security/Bruteforce/Throttler.php b/lib/private/Security/Bruteforce/Throttler.php
index 3282121d967..ec56b4f7ee2 100644
--- a/lib/private/Security/Bruteforce/Throttler.php
+++ b/lib/private/Security/Bruteforce/Throttler.php
@@ -177,8 +177,10 @@ class Throttler {
$part = ord($addr[(int)($i/8)]);
$orig = ord($ip[(int)($i/8)]);
- $part = $part & (15 << (1 - ($i % 2)));
- $orig = $orig & (15 << (1 - ($i % 2)));
+ $bitmask = 1 << (7 - ($i % 8));
+
+ $part = $part & $bitmask;
+ $orig = $orig & $bitmask;
if ($part !== $orig) {
$valid = false;