Merge pull request #14149 from nextcloud/fix/throttler_bitmask

Fix the thorrtler whitelist bitmask
author: Roeland Jago Douma <rullzer@users.noreply.github.com> 2019-02-12 08:54:19 +0100
committer: GitHub <noreply@github.com> 2019-02-12 08:54:19 +0100
commit: 004f7fa8e141b159cc76f99cc041eec215444236 (patch)
tree: e29c587d397b22ccc88eb26b489e363fd8752837 /lib/private
parent: 44f6303dc3ebad3ed227ac5a37b8e04bab794eeb (diff)
parent: f1ea56b5024729e01050249a0c4ee7ac28faca83 (diff)
download: nextcloud-server-004f7fa8e141b159cc76f99cc041eec215444236.tar.gz
nextcloud-server-004f7fa8e141b159cc76f99cc041eec215444236.zip
1 files changed, 4 insertions, 2 deletions
diff --git a/lib/private/Security/Bruteforce/Throttler.php b/lib/private/Security/Bruteforce/Throttler.php
index 3282121d967..ec56b4f7ee2 100644
--- a/lib/private/Security/Bruteforce/Throttler.php
+++ b/lib/private/Security/Bruteforce/Throttler.php
@@ -177,8 +177,10 @@ class Throttler {
 				$part = ord($addr[(int)($i/8)]);
 				$orig = ord($ip[(int)($i/8)]);
 
-				$part = $part & (15 << (1 - ($i % 2)));
-				$orig = $orig & (15 << (1 - ($i % 2)));
+				$bitmask = 1 << (7 - ($i % 8));
+
+				$part = $part & $bitmask;
+				$orig = $orig & $bitmask;
 
 				if ($part !== $orig) {
 					$valid = false;
author	Roeland Jago Douma <rullzer@users.noreply.github.com>	2019-02-12 08:54:19 +0100
committer	GitHub <noreply@github.com>	2019-02-12 08:54:19 +0100
commit	004f7fa8e141b159cc76f99cc041eec215444236 (patch)
tree	e29c587d397b22ccc88eb26b489e363fd8752837 /lib/private
parent	44f6303dc3ebad3ed227ac5a37b8e04bab794eeb (diff)
parent	f1ea56b5024729e01050249a0c4ee7ac28faca83 (diff)
download	nextcloud-server-004f7fa8e141b159cc76f99cc041eec215444236.tar.gz nextcloud-server-004f7fa8e141b159cc76f99cc041eec215444236.zip