commit 6299c44a8990c92e45d7c59364af40d46bb4529f
parent 95bfd98b793aebf3f2fd4af719e6108af40b25cf
Author: markseu <mark2011@mayberg.se>
Date: Wed, 16 May 2018 14:19:58 +0200
Updated token verification for @wunderfeyd
Diffstat:
2 files changed, 22 insertions(+), 17 deletions(-)
diff --git a/system/plugins/core.php b/system/plugins/core.php
@@ -3360,11 +3360,17 @@ class YellowToolbox
return $this->verifyToken($hashCalculated, $hash);
}
- // Verify that text is identical, timing attack safe text string comparison
- function verifyToken($text1, $text2)
+ // Verify that token is not empty and identical, timing attack safe text string comparison
+ function verifyToken($tokenExpected, $tokenReceived)
{
- $ok = !empty($text1) && strlenb($text1)==strlenb($text2);
- if($ok) for($i=0; $i<strlenb($text1); ++$i) $ok &= $text1[$i]==$text2[$i];
+ $ok = false;
+ $lengthExpected = strlenb($tokenExpected);
+ $lengthReceived = strlenb($tokenReceived);
+ if($lengthExpected!=0 && $lengthReceived!=0)
+ {
+ $ok = $lengthExpected==$lengthReceived;
+ for($i=0; $i<$lengthReceived; ++$i) $ok &= $tokenExpected[$i<$lengthExpected ? $i : 0]==$tokenReceived[$i];
+ }
return $ok;
}
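Review bot: The hand-rolled loop in `verifyToken` could be replaced by PHP's built-in `hash_equals()`, which exists for timing-safe string comparison and removes the need for the per-byte `==` and the `$i<$lengthExpected ? $i : 0` index fallback. Keeping the new non-empty rule, the body reduces to `return $lengthExpected!=0 && $lengthReceived!=0 && hash_equals((string)$tokenExpected, (string)$tokenReceived);`, assuming the project's minimum PHP version provides it (5.6 or later; not visible here). As written, `$ok &= ...` also turns the result into an integer 0/1 once the loop runs, while the empty case returns boolean `false`; `return (bool)$ok;` would keep the return type uniform. The same points apply to the duplicated `verifyToken` in system/plugins/edit.php.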
diff --git a/system/plugins/edit.php b/system/plugins/edit.php
@@ -1512,7 +1512,8 @@ class YellowUsers
// Create authentication token
function createAuthToken($email)
{
- $session = $this->createSession($email);
+ $session = $this->yellow->toolbox->createHash($this->users[$email]["hash"], "sha256");
+ if(empty($session)) $session = "padd"."error-hash-algorithm-sha256";
return substru($session, 4).$this->getStamp($email);
}
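Review bot: When `createHash` returns nothing, the fallback on the added line makes `createAuthToken` return the fixed text `error-hash-algorithm-sha256` followed by the stamp, so the token no longer contains any part derived from the user's stored hash. Whether such a token could ever validate depends on verification code outside this hunk, but failing closed is safer than issuing a predictable value, for example `if(empty($session)) return "";`, provided callers treat an empty token as a failure (the updated `verifyToken` in this commit rejects empty tokens). The `"padd"` prefix and the `substru($session, 4)` offset also deserve a comment saying which four characters are stripped from a real hash and why the error string is padded to match.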
@@ -1522,14 +1523,6 @@ class YellowUsers
return $this->yellow->toolbox->createSalt(64);
}
- // Create user session
- function createSession($email)
- {
- $session = $this->yellow->toolbox->createHash($this->users[$email]["hash"], "sha256");
- if(empty($session)) $session = "error-hash-algorithm-sha256";
- return $session;
- }
-
// Create user stamp
function createStamp()
{
@@ -1664,11 +1657,17 @@ class YellowUsers
return $data;
}
- // Verify that text is identical, timing attack safe text string comparison
- function verifyToken($text1, $text2) //TODO: remove later, use directly from core after next release
+ // Verify that token is not empty and identical, timing attack safe text string comparison
+ function verifyToken($tokenExpected, $tokenReceived) //TODO: remove later, use directly from core after next release
{
- $ok = !empty($text1) && strlenb($text1)==strlenb($text2);
- if($ok) for($i=0; $i<strlenb($text1); ++$i) $ok &= $text1[$i]==$text2[$i];
+ $ok = false;
+ $lengthExpected = strlenb($tokenExpected);
+ $lengthReceived = strlenb($tokenReceived);
+ if($lengthExpected!=0 && $lengthReceived!=0)
+ {
+ $ok = $lengthExpected==$lengthReceived;
+ for($i=0; $i<$lengthReceived; ++$i) $ok &= $tokenExpected[$i<$lengthExpected ? $i : 0]==$tokenReceived[$i];
+ }
return $ok;
}