diff options
author | Andrey Andreev <narf@devilix.net> | 2014-02-06 04:34:19 +0100 |
---|---|---|
committer | Andrey Andreev <narf@devilix.net> | 2014-02-06 04:34:19 +0100 |
commit | 3aa781a65267d72000009df0fa2feee5cb3bdd8d (patch) | |
tree | 45aae14cc3ad37240bedee7e2db71d1b06ae363f | |
parent | f6779f5e2510811a1d4fe39864923226a475f298 (diff) |
Make CI_Session's HMAC comparison time-attack-safe
-rw-r--r-- | system/libraries/Session/drivers/Session_cookie.php | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/system/libraries/Session/drivers/Session_cookie.php b/system/libraries/Session/drivers/Session_cookie.php index 971dfeabe..c8dfad6c9 100644 --- a/system/libraries/Session/drivers/Session_cookie.php +++ b/system/libraries/Session/drivers/Session_cookie.php @@ -395,7 +395,15 @@ class CI_Session_cookie extends CI_Session_driver { $hmac = substr($session, $len); $session = substr($session, 0, $len); - if ($hmac !== hash_hmac('sha1', $session, $this->encryption_key)) + // Time-attack-safe comparison + $hmac_check = hash_hmac('sha1', $session, $this->encryption_key); + $diff = 0; + for ($i = 0; $i < 40; $i++) + { + $diff |= ord($hmac[$i]) ^ ord($hmac_check[$i]); + } + + if ($diff !== 0) { log_message('error', 'The session cookie data did not match what was expected.'); $this->sess_destroy(); |