From b22fd68d85ebe4cc18138b6b1a0811cf84a08a0b Mon Sep 17 00:00:00 2001
From: Yorhel <git@yorhel.nl>
Date: Fri, 17 May 2019 10:18:58 +0200
Subject: Fix PWLookup.pm to reject null-bytes in the dictionary

Since the database format can't handle it.
---
 lib/PWLookup.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/PWLookup.pm b/lib/PWLookup.pm
index bf4ea96b..6e2f03e4 100644
--- a/lib/PWLookup.pm
+++ b/lib/PWLookup.pm
@@ -87,7 +87,7 @@ sub encode {
     while((my $p = <STDIN>)) {
         chomp($p);
         # No need to store passwords that are rejected by form validation
-        if(!length($p) || length($p) > 500 || !eval { decode_utf8((local $_=$p), Encode::FB_CROAK); 1 }) {
+        if(!length($p) || length($p) > 500 || !eval { decode_utf8((local $_=$p), Encode::FB_CROAK); 1 } || $p =~ /\x00/) {
             warn sprintf "Rejecting: %s\n", ($p =~ s/([^\x21-\x7e])/sprintf '%%%02x', ord $1/ger);
             next;
         }
-- 
cgit v1.2.3