From 74cfe82b7b51f45b2c7e855d3ce18e9cd1d2bb3b Mon Sep 17 00:00:00 2001
From: csteipp <csteipp@wikimedia.org>
Date: Mon, 22 Feb 2016 12:50:40 -0800
Subject: [PATCH] SECURITY: Throw exception on unknown hash algorithm
To prevent a bad password configuration from accidentally allowing
users to bypass authentication, throw an exception if either hash or
hash_pbkdf2 return false.
Also, ensure md5() returned a sane hash.
Bug: T127420
Change-Id: If3664941236e4065eb8db11b0a211fd6210de631
---
includes/password/MWOldPassword.php | 4 ++++
includes/password/MWSaltedPassword.php | 4 ++++
includes/password/Pbkdf2Password.php | 9 ++++++++-
3 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/includes/password/MWOldPassword.php b/includes/password/MWOldPassword.php
index 2150e56..84675c1 100644
--- a/includes/password/MWOldPassword.php
+++ b/includes/password/MWOldPassword.php
@@ -44,5 +44,9 @@ class MWOldPassword extends ParameterizedPassword {
$this->args = [];
$this->hash = md5( $plaintext );
}
+
+ if ( !is_string( $this->hash ) || strlen( $this->hash ) < 32 ) {
+ throw new PasswordError( 'Error when hashing password.' );
+ }
}
}
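Review bot: The added guard on the `if ( !is_string( $this->hash ) || strlen( $this->hash ) < 32 )` line accepts any string of 32 bytes or more, while md5() in its default hex form yields exactly 32 characters, so `strlen( $this->hash ) !== 32` would pin the expected shape more tightly and fail closed on anything unexpected. The same guard, literal 32 and message are repeated verbatim in the MWSaltedPassword hunk below; a single protected helper on ParameterizedPassword would keep the two subclasses from drifting apart. A one-line why-comment would also help the next reader, since md5() does not currently return false: `// Fail closed: a broken hash extension must never yield an empty or truncated hash that could match anything.` The enclosing method begins before the hunk.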
diff --git a/includes/password/MWSaltedPassword.php b/includes/password/MWSaltedPassword.php
index 26730b1..733984c 100644
--- a/includes/password/MWSaltedPassword.php
+++ b/includes/password/MWSaltedPassword.php
@@ -42,5 +42,9 @@ class MWSaltedPassword extends ParameterizedPassword {
}
$this->hash = md5( $this->args[0] . '-' . md5( $plaintext ) );
+
+ if ( !is_string( $this->hash ) || strlen( $this->hash ) < 32 ) {
+ throw new PasswordError( 'Error when hashing password.' );
+ }
}
}
diff --git a/includes/password/Pbkdf2Password.php b/includes/password/Pbkdf2Password.php
index 8ef6f8d..6ffada3 100644
--- a/includes/password/Pbkdf2Password.php
+++ b/includes/password/Pbkdf2Password.php
@@ -55,8 +55,15 @@ class Pbkdf2Password extends ParameterizedPassword {
(int)$this->params['length'],
true
);
+ if ( !is_string( $hash ) ) {
+ throw new PasswordError( 'Error when hashing password.' );
+ }
} else {
- $hashLen = strlen( hash( $this->params['algo'], '', true ) );
+ $hashLenHash = hash( $this->params['algo'], '', true );
+ if ( !is_string( $hashLenHash ) ) {
+ throw new PasswordError( 'Error when hashing password.' );
+ }
+ $hashLen = strlen( $hashLenHash );
$blockCount = ceil( $this->params['length'] / $hashLen );
$hash = '';
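Review bot: The hash_pbkdf2() and hash() results are now checked, but the manual fallback that continues after `$hash = '';` (outside this hunk) presumably derives each block with hash_hmac() using the same `$this->params['algo']`, and hash_hmac() rejects some non-cryptographic algorithms that hash() accepts (crc32, adler32 and similar on PHP 7.2 and later), so a misconfigured algorithm could pass the new precheck on `$hashLenHash` and still produce a non-string block later; the same `if ( !is_string( $block ) ) { throw new PasswordError( 'Error when hashing password.' ); }` guard belongs on each hash_hmac() result, or the algorithm should be validated once up front. The error string is now spelled out three times across this patch; a class constant or a small `throwIfNotString()` helper would keep the message and the check aligned. The enclosing method starts before and ends after the hunk.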
--
2.6.2