From aa9a4f7e59143a3a187e415e646c966aaf786380 Mon Sep 17 00:00:00 2001
From: Andrey Andreev
Date: Tue, 28 Jan 2014 12:05:51 +0200
Subject: Fix #2844
---
 system/libraries/Zip.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'system/libraries')
diff --git a/system/libraries/Zip.php b/system/libraries/Zip.php
index b10b0bb0f..58f06455c 100644
--- a/system/libraries/Zip.php
+++ b/system/libraries/Zip.php
@@ -294,7 +294,7 @@ class CI_Zip {
 {
 $name = str_replace('\\', '/', $path);
- if ($preserve_filepath === FALSE)
+ if ($archive_filepath === FALSE)
 {
 $name = preg_replace('|.*/(.+)|', '\\1', $name);
 }
--
cgit v1.2.3-24-g4f1b
From 3aa781a65267d72000009df0fa2feee5cb3bdd8d Mon Sep 17 00:00:00 2001
From: Andrey Andreev
Date: Thu, 6 Feb 2014 05:34:19 +0200
Subject: Make CI_Session's HMAC comparison time-attack-safe
---
 system/libraries/Session/drivers/Session_cookie.php | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
(limited to 'system/libraries')
diff --git a/system/libraries/Session/drivers/Session_cookie.php b/system/libraries/Session/drivers/Session_cookie.php
index 971dfeabe..c8dfad6c9 100644
--- a/system/libraries/Session/drivers/Session_cookie.php
+++ b/system/libraries/Session/drivers/Session_cookie.php
@@ -395,7 +395,15 @@ class CI_Session_cookie extends CI_Session_driver {
 $hmac = substr($session, $len);
 $session = substr($session, 0, $len);
- if ($hmac !== hash_hmac('sha1', $session, $this->encryption_key))
+ // Time-attack-safe comparison
+ $hmac_check = hash_hmac('sha1', $session, $this->encryption_key);
+ $diff = 0;
+ for ($i = 0; $i < 40; $i++)
+ {
+ $diff |= ord($hmac[$i]) ^ ord($hmac_check[$i]);
+ }
+ if ($diff !== 0)
 {
 log_message('error', 'The session cookie data did not match what was expected.');
 $this->sess_destroy();
--
cgit v1.2.3-24-g4f1b
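Review bot: The renamed condition in Zip.php cannot be checked against the method's parameter list here, because the signature that declares `$archive_filepath` is above the hunk. Assuming `$preserve_filepath` was never defined in that method, the old test compared an undefined variable (NULL) with `=== FALSE`, so the `preg_replace` that strips the directory part never ran and every entry kept its full path; that is worth a regression test exercising both values of `$archive_filepath`, since a typo in a variable name produces no error in PHP and would silently reintroduce the bug. A brief comment on the strip, `// Keep only the basename unless the caller asked to store the full path`, would also make the intent of the regex clear to the next reader. The enclosing method starts and ends outside the hunk.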
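Review bot: The new loop in Session_cookie.php indexes `$hmac[$i]` for 40 positions without checking that `$hmac` is 40 bytes long; `$hmac` comes from `substr($session, $len)` and `$len` is computed above the hunk, so on a truncated or tampered cookie the loop reads past the end of the string, which raises an "Uninitialized string offset" notice on every short index while `ord('')` folds to 0 and the mismatch is still detected only because `$hmac_check` is always 40 hex characters from `hash_hmac('sha1', ...)`. The HMAC length is not secret, so an explicit length check before the loop loses nothing timing-wise and keeps the comparison well-defined; if the supported PHP floor allows it, `if ( ! hash_equals($hmac_check, $hmac))` replaces the whole added block, and `hash_equals` already performs this length check. Otherwise the rewrite below guards the length first and keeps the constant-time loop for the equal-length case. The enclosing method continues below the hunk (the `if ($diff !== 0)` block is cut off after `sess_destroy()`).
```php
$hmac_check = hash_hmac('sha1', $session, $this->encryption_key);
if (strlen($hmac) !== 40)
{
	// Length is not secret: reject a short/long tag without indexing past its end
	$diff = 1;
}
else
{
	$diff = 0;
	for ($i = 0; $i < 40; $i++)
	{
		$diff |= ord($hmac[$i]) ^ ord($hmac_check[$i]);
	}
}
// … unchanged: if ($diff !== 0) { log_message(...); $this->sess_destroy(); … }
```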