Uploaded image for project: 'Lucee Development'
  1. LDEV-1561

invalid values in iterations argument of hash function

    Details

    • Type: Bug
    • Status: Deployed
    • Priority: New
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 5.2.6.20
    • Labels:
      None
    • Sprint:
      January 2018 Sprint

      Description

      The "iterations" argument in the "hash" function behaves unexpected. See the following examples:

      hash("foo", "SHA-256", "UTF-8", -1); // returns 666F6F
      hash("foo", "SHA-256", "UTF-8",  0); // returns 666F6F
      hash("foo", "SHA-256", "UTF-8",  1); // returns 2C26B46B68FF[...] (single hash)
      

      "The iterations value represents the total number of hashes on Lucee" [....](https://cfdocs.org/hash)

      Thus the "iterations" argument in Lucee should either throw an exception (Number of hashes/iterations has to be greater than 0) or at least force <= 0 to be treated as 1. The latter is what ACF does.

        Attachments

          Activity

            People

            • Assignee:
              michaeloffner Michael Offner
              Reporter:
              AKwaschny Alexander Kwaschny
            • Votes:
              3 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: