Skip to content

Fix #78516: password_hash(): Memory cost is outside of allowed memory… #4695

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 5 commits into from
Closed

Fix #78516: password_hash(): Memory cost is outside of allowed memory… #4695

wants to merge 5 commits into from

Conversation

cmb69
Copy link
Member

@cmb69 cmb69 commented Sep 10, 2019

… range

libsodium measures the memory cost in bytes, while password_hash() and
friends expect kibibyte values. We have to properly map between these
scales not only when calling libsodium functions, but also when
checking for allowed values.

cc @sgolemon

@cmb69
Fix #78516: password_hash(): Memory cost is outside of allowed memory…
ad6c899 
… range

libsodium measures the memory cost in bytes, while password_hash() and
friends expect kibibyte values.  We have to properly map between these
scales not only when calling libsodium functions, but also when
checking for allowed values.
remicollet
remicollet approved these changes Sep 10, 2019
View reviewed changes
Copy link
Member

@remicollet remicollet left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Girgias
Girgias reviewed Sep 10, 2019
View reviewed changes
@cmb69
Copy link
Member Author

cmb69 commented Sep 10, 2019

Unless there are objections, I'll merge this PR on next Monday (so that it makes it into PHP 7.4.0RC2).

nikic
nikic reviewed Sep 11, 2019
View reviewed changes
nikic
nikic reviewed Sep 14, 2019
View reviewed changes
nikic
nikic reviewed Sep 14, 2019
View reviewed changes
ext/sodium/sodium_pwhash.c Outdated
}

static int php_sodium_argon2_get_info(zval *return_value, const zend_string *hash) {
const char* p = NULL;
zend_long v = 0, threads = 1;
zend_long memory_cost = PHP_SODIUM_PWHASH_MEMLIMIT;
zend_long memory_cost = PHP_SODIUM_PWHASH_MEMLIMIT << 10;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think this one is right. It shouldn't really happen anyway (that means that the sscanf failed and the hash is essentially corrupt), but if in this context memory_cost shouldn't by multiplied by 1k, I think

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh, you're right.

It seems to me that we should catch failing sscanf() here. Otherwise password_needs_rehash() may return true, although password_get_info() returns values which wouldn't indicate that.

@cmb69
Copy link
Member Author

cmb69 commented Sep 16, 2019

Applied as 145ffd9. Thanks!

@cmb69 cmb69 closed this Sep 16, 2019
@cmb69 cmb69 deleted the fix-78516 branch September 16, 2019 13:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nikic nikic nikic left review comments

@Girgias Girgias Girgias left review comments

@remicollet remicollet remicollet approved these changes

Assignees
No one assigned
Labels
Bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@cmb69 @nikic @remicollet @Girgias @carusogabriel