zxcvbn-php
extremely long passwords cause factorial in scorer to return a float and throw error
Using the attached test file, a password larger than 219 characters and smaller than 670 characters causes the passwordStrength function to throw an error:
ZxcvbnPhp\\Scorer::factorial(): Return value must be of type int, float returned
To run the test, use the attached file:
php roc-554-password-complexity-open-source.php.txt > test.stdout.txt
Running progress of the test will be seen on the stderr.
Output of the test file, before and after the obvious fix, including a diff, shows that changing int to float works fine. Obviously there is a limit where the runtime will be too long and/or the factorial will return INF or NAN or something like that.
roc-554-password-complexity-open-source.php.txt roc-554-password-complexity-open-source.issue.1.txt roc-554-password-complexity-open-source.issue.2.txt roc-554-password-complexity-open-source.issue.diff.txt
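The failure mode reported above, reduced to a standalone script. This is an added example, not code from the issue's attachments or from zxcvbn-php: the function names `factorialInt`, `factorialFloat` and `firstFailure` are hypothetical, and it assumes a 64-bit PHP 8 build. It locates the smallest argument at which an `int`-typed factorial throws and the smallest at which a `float`-typed one stops being finite.

```php
<?php
// Added illustration; none of these functions are zxcvbn-php's own code.

// Declared ": int". When the product exceeds PHP_INT_MAX, PHP silently
// promotes it to float, and the return type check then raises a TypeError.
function factorialInt(int $n): int
{
    $f = 1;
    for ($i = 2; $i <= $n; $i++) {
        $f *= $i;
    }
    return $f;
}

// The change described in the report: return float instead of int.
// No TypeError, but the result saturates to INF once it exceeds the
// largest representable double.
function factorialFloat(int $n): float
{
    $f = 1.0;
    for ($i = 2; $i <= $n; $i++) {
        $f *= $i;
    }
    return $f;
}

// Returns the smallest n in [0, $max] for which $fn either throws a
// TypeError or returns a non-finite value, or null if it never does.
function firstFailure(callable $fn, int $max): ?int
{
    for ($n = 0; $n <= $max; $n++) {
        try {
            $value = $fn($n);
        } catch (TypeError $e) {
            return $n;
        }
        if (is_float($value) && !is_finite($value)) {
            return $n;
        }
    }
    return null;
}

echo 'int-typed factorial first fails at n = ',
    var_export(firstFailure('factorialInt', 500), true), PHP_EOL;
echo 'float-typed factorial first non-finite at n = ',
    var_export(firstFailure('factorialFloat', 500), true), PHP_EOL;
```

A caller that consumes the float result can use the same `is_finite()` check to handle the saturated case explicitly instead of passing INF into later arithmetic.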