authorRoeland Jago Douma <roeland@famdouma.nl>2019-02-11 23:22:20 +0100
committerBackportbot <backportbot-noreply@rullzer.com>2019-02-12 07:56:07 +0000
commit096498c0335b5e7461d9d2e4bb1874a42ebef83f (patch)
treea4e8f46faa4bb692c37138cbb8e0759aa49ffde2 /lib
parent40b40c94a2e57d336a40441d9ed9d0d8d7e034d4 (diff)
downloadnextcloud-server-096498c0335b5e7461d9d2e4bb1874a42ebef83f.tar.gz
nextcloud-server-096498c0335b5e7461d9d2e4bb1874a42ebef83f.zip
Fix the thorrtler whitelist bitmask
Previously we did not actually check each bit of the bitmask; now we do. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Diffstat (limited to 'lib')
-rw-r--r--lib/private/Security/Bruteforce/Throttler.php6
1 files changed, 4 insertions, 2 deletions
diff --git a/lib/private/Security/Bruteforce/Throttler.php b/lib/private/Security/Bruteforce/Throttler.php
index 3282121d967..ec56b4f7ee2 100644
--- a/lib/private/Security/Bruteforce/Throttler.php
+++ b/lib/private/Security/Bruteforce/Throttler.php
@@ -177,8 +177,10 @@ class Throttler {
$part = ord($addr[(int)($i/8)]);
$orig = ord($ip[(int)($i/8)]);
- $part = $part & (15 << (1 - ($i % 2)));
- $orig = $orig & (15 << (1 - ($i % 2)));
+ $bitmask = 1 << (7 - ($i % 8));
+
+ $part = $part & $bitmask;
+ $orig = $orig & $bitmask;
if ($part !== $orig) {
$valid = false;
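Review bot: The new `$bitmask = 1 << (7 - ($i % 8));` line carries no comment saying that bit `$i` is counted from the most significant bit of each byte, which is exactly the detail the old `15 << (1 - ($i % 2))` expression got wrong: it only ever produced the masks 15 and 30, so the top three bits of every byte were never compared and the whitelist could match addresses outside the configured range. I would add `// Select bit $i of the address, most significant bit first (network byte order)` above it. The byte index `(int)($i/8)` is also not checked against `strlen($addr)` or `strlen($ip)` in these lines; the loop bound is outside this hunk, so confirm there that the prefix length is capped at the address length, since otherwise both `ord()` calls would read past the packed string and most likely compare equal. Because this comparison decides who is exempt from brute-force throttling, a regression test with prefix lengths that are not byte-aligned would be worth having if one does not already accompany the change (the diffstat shown is limited to `lib`).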