Use timing attack safe string comparison #11096

Merged
merged 1 commit into from Aug 25, 2017

4 participants
@ceeram
Member

ceeram commented Aug 25, 2017

Use timing attack safe string comparison

@ceeram ceeram self-assigned this Aug 25, 2017

@markstory markstory added this to the 3.5.1 milestone Aug 25, 2017

@markstory markstory added the auth label Aug 25, 2017

markstory added a commit to cakephp/authentication that referenced this pull request Aug 25, 2017

Use constant time comparison
Prevent timing attacks by using a constant time comparison.

Port of cakephp/cakephp#11096
codecov-io commented Aug 25, 2017

Codecov Report

Merging #11096 into master will increase coverage by 0.05%.
The diff coverage is 100%.

@@             Coverage Diff              @@
##             master   #11096      +/-   ##
============================================
+ Coverage     94.87%   94.92%   +0.05%     
- Complexity    12838    13059     +221     
============================================
  Files           437      437              
  Lines         32732    33060     +328     
============================================
+ Hits          31053    31381     +328     
  Misses         1679     1679
| Impacted Files | Coverage Δ | Complexity Δ |
|---|---|---|
| src/Auth/DigestAuthenticate.php | 100% <100%> (ø) | 32 <0> (ø) ⬇️ |
| src/Cache/Engine/FileEngine.php | 88.95% <0%> (-1.11%) | 73% <0%> (ø) |
| src/Http/ActionDispatcher.php | 100% <0%> (ø) | 21% <0%> (+2%) ⬆️ |
| src/Controller/Controller.php | 99.53% <0%> (+0.07%) | 102% <0%> (+25%) ⬆️ |
| src/Http/ServerRequest.php | 99.65% <0%> (+0.16%) | 432% <0%> (+194%) ⬆️ |
| src/Cache/CacheEngine.php | 93.61% <0%> (+4.25%) | 19% <0%> (ø) ⬇️ |

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update e64e0a9...bab2dc2.

Member

lorenzo commented Aug 25, 2017

Thanks!

@lorenzo lorenzo merged commit 8b8a8ba into master Aug 25, 2017

6 checks passed

codecov/patch 100% of diff hit (target 94.87%)
codecov/project 94.92% (+0.05%) compared to 3587231
continuous-integration/appveyor/pr AppVeyor build succeeded
continuous-integration/travis-ci/pr The Travis CI build passed
continuous-integration/travis-ci/push The Travis CI build passed
stickler-ci No lint errors found.

@lorenzo lorenzo deleted the digest-constant-time branch Aug 25, 2017
