Fix CVE-2015-5687, other security vulnerabilities (CVEs pending) #904
Conversation
|
Edit - my fault, missed the line. |
|
https://github.com/paragonie/random_compat/blob/master/ERRATA.md It can fail silently. random_compat uses it as a last resort. |
|
Oops. |
|
@TheBrenny Have you had time to review this? We typically go public 30 days after disclosure or 24 hours after the fixed version is released. |
|
@paragonie-scott, sadly, I'm not a part of the dev team, so for me to review this would be pointless. I merely just help them out with any of the bugs floating around, because they're super busy. I want to point out, though, that @CraigChilds94 is getting round to merging things pretty soon, as you can see by the comment on my (accidentally closed because I deleted the branch) PR #884. So I wouldn't count it as a fixed version release until this gets merged, and even then, because this is the 0.9-dev branch, I wouldn't count it as a version release. But hey, what's a version release is up to you, I guess! 😛 |
|
A version release means your users can run a command e.g. composer update I need to make one more commit when I get home in a couple hours.
|
|
All in your own time, don't stress. 😃 |
| return Security::hashEquals( | ||
| crypt($value, $hash), | ||
| $hash | ||
| ); |
There was a problem hiding this comment.
Shouldn't these four lines be joined onto one? Not a life-or-death, just a better convention?
|
Okay, I've updated the |
|
@CraigChilds94 Can you give an ETA on when you'll be able to look at this one? And also, when the next release for 0.9.x will be? An advisory for these security issues will be sent out to Full Disclosure on August 27 at the latest. |
|
We're getting close to the 30 day mark. Please let me know if you need any more information on the changes this PR makes. |
| $message_compare = hash_hmac('sha256', $given, $blind); | ||
| $correct_compare = hash_hmac('sha256', $expected, $blind); | ||
| return $correct_compare === $message_compare; | ||
| } |
There was a problem hiding this comment.
Why calculate hmacs on the args? is this a timing attack thing?
There was a problem hiding this comment.
Good question. This is a timing attack mitigation strategy called "Double HMAC". By using a random nonce ($blind above), you eliminate any useful timing information from leaking out.
There was a problem hiding this comment.
Alternatively: Yes, this is a timing attack thing.
…o 0.9-dev Conflicts: anchor/libraries/hash.php system/helpers.php system/session/drivers/cookie.php
|
Looks like this was fixed by deleting the driver and using RandomLib. That's acceptable as well. |
|
Thanks for pointing use in the right direction, the cookie driver should have been removed ages ago it was never used but was far from secure. |
Securitylibrary with CSPRNG,hash_equals()polyfill, binary-safe string operations