diff options
Diffstat (limited to 'system')
| -rw-r--r-- | system/database/drivers/odbc/odbc_driver.php | 2 | ||||
| -rw-r--r-- | system/libraries/Session/drivers/Session_cookie.php | 10 |
2 files changed, 10 insertions, 2 deletions
diff --git a/system/database/drivers/odbc/odbc_driver.php b/system/database/drivers/odbc/odbc_driver.php index 45e91cbc5..6f635bdfb 100644 --- a/system/database/drivers/odbc/odbc_driver.php +++ b/system/database/drivers/odbc/odbc_driver.php @@ -222,7 +222,7 @@ class CI_DB_odbc_driver extends CI_DB { */ public function affected_rows() { - return @odbc_num_rows($this->conn_id); + return @odbc_num_rows($this->result_id); } // -------------------------------------------------------------------- diff --git a/system/libraries/Session/drivers/Session_cookie.php b/system/libraries/Session/drivers/Session_cookie.php index 5d338fc04..79712ad94 100644 --- a/system/libraries/Session/drivers/Session_cookie.php +++ b/system/libraries/Session/drivers/Session_cookie.php @@ -404,7 +404,15 @@ class CI_Session_cookie extends CI_Session_driver { $hmac = substr($session, $len); $session = substr($session, 0, $len); - if ($hmac !== hash_hmac('sha1', $session, $this->encryption_key)) + // Time-attack-safe comparison + $hmac_check = hash_hmac('sha1', $session, $this->encryption_key); + $diff = 0; + for ($i = 0; $i < 40; $i++) + { + $diff |= ord($hmac[$i]) ^ ord($hmac_check[$i]); + } + + if ($diff !== 0) { log_message('error', 'Session: HMAC mismatch. The session cookie data did not match what was expected.'); $this->sess_destroy(); |