Use secure_compare for hmac comparison

 * Closes CVE-2013-0263
1 parent 9a81b96 commit 0cd7e9aa397f8ebb3b8481d67dbac8b4863a7f07 @raggi raggi committed Feb 7, 2013
Showing with 1 addition and 1 deletion.
  1. +1 −1 lib/rack/session/cookie.rb
2 lib/rack/session/cookie.rb
@@ -159,7 +159,7 @@ def destroy_session(env, session_id, options)
def digest_match?(data, digest)
return unless data && digest
@secrets.any? do |secret|
- digest == generate_hmac(data, secret)
@tarcieri
tarcieri added a note Feb 8, 2013

Heh, funny, I looked for this vulnerability in Rails recently and saw they were using a (wonky) constant-time comparison function. Didn't think to look in Rack. Crypto is hard :(

More support for RbNaCl 👍

@tarcieri
tarcieri added a note Feb 8, 2013

Constant time comparison function? Yeah, RbNaCl's got one of those (and full HMAC as implemented by Dan Bernstein): https://github.com/cryptosphere/rbnacl/blob/master/lib/rbnacl/util.rb#L40

@raggi
Official Rack repositories member
raggi added a note Feb 8, 2013

Saddest thing about this is, @codahale reported this 3 years ago, and I even responded then, but I was too dumb to get it, and not running releases (probably good). Anyway, I was wrong then, and we were wrong not to deal with it.

@tarcieri
tarcieri added a note Feb 8, 2013

@raggi again, crypto is hard ;(

@raggi
Official Rack repositories member
raggi added a note Feb 8, 2013

@tarcieri thing that really gets me though, is that these days I'm very clearly aware of how critical timing attacks are. I had some generally knowledgeable folks telling me it's not really viable over the last couple of days. Well, when you're inside the Cloud, you're basically on a LAN. This is totally viable inside [insert cloud service here].

@tarcieri
tarcieri added a note Feb 8, 2013

Know a timing attack:

[Image: Screen Shot 2013-02-07 at 10 06 03 PM]

+ Rack::Utils.secure_compare(digest, generate_hmac(data, secret))
end
end
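
Review bot: The new `Rack::Utils.secure_compare(digest, generate_hmac(data, secret))` call in digest_match? lands without a regression test or an explanatory comment, and the commit touches only lib/rack/session/cookie.rb, so nothing prevents a later cleanup from restoring `digest == generate_hmac(data, secret)`. Suggest adding a spec that fails if digest_match? stops going through secure_compare, plus a one-line comment above the call stating that the HMAC comparison must be constant-time. Also worth noting in that comment: `@secrets.any? do |secret|` still stops at the first secret that matches, so the loop's duration depends on which secret position matched. That does not reveal digest bytes, but documenting it makes clear the early exit is intentional.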
