diff options
-rw-r--r-- | system/libraries/Session.php | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/system/libraries/Session.php b/system/libraries/Session.php index 89c699765..b6c53c71d 100644 --- a/system/libraries/Session.php +++ b/system/libraries/Session.php @@ -145,7 +145,9 @@ class CI_Session { } // HMAC authentication - if (($len = strlen($session) - 40) <= 0) + $len = strlen($session) - 40; + + if ($len <= 0) { log_message('error', 'Session: The session cookie was not signed.'); return FALSE; @@ -158,9 +160,11 @@ class CI_Session { // Time-attack-safe comparison $hmac_check = hash_hmac('sha1', $session, $this->encryption_key); $diff = 0; + for ($i = 0; $i < 40; $i++) { - $diff |= ord($hmac[$i]) ^ ord($hmac_check[$i]); + $xor = ord($hmac[$i]) ^ ord($hmac_check[$i]); + $diff |= $xor; } if ($diff !== 0) @@ -789,4 +793,4 @@ class CI_Session { // END Session Class /* End of file Session.php */ -/* Location: ./system/libraries/Session.php */
\ No newline at end of file +/* Location: ./system/libraries/Session.php */ |