cf939a5d
Verified
Commit
cf939a5d
authored
Jun 05, 2019
by
larowlan
Issue
#3057314
by alexpott, chr.fritsch, larowlan: Harden hash checking in core
parent
20496dd2
core/includes/bootstrap.inc
@@ -679,7 +679,7 @@ function drupal_valid_test_ua($new_prefix = NULL) {
$test_hmac
=
Crypt
::
hmacBase64
(
$check_string
,
$key
);
// Since we are making a local request a 600 second time window is allowed,
// and the HMAC must match.
if
(
$time_diff
>=
0
&&
$time_diff
<=
600
&&
$hmac
===
$test_hmac
)
{
if
(
$time_diff
>=
0
&&
$time_diff
<=
600
&&
Crypt
::
hashEquals
(
$test_hmac
,
$hmac
)
)
{
$test_prefix
=
$prefix
;
}
else
{
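Review bot: The new `Crypt::hashEquals($test_hmac, $hmac)` assumes `$hmac` is already a string; it is presumably parsed from the test user-agent earlier in drupal_valid_test_ua(), outside this hunk, and if that parsing can ever yield null or an array, hash_equals() warns on PHP 7 or throws a TypeError on PHP 8 instead of returning false. If the parsing does not guarantee a string, guard it on the same line: `is_string($hmac) && Crypt::hashEquals($test_hmac, $hmac)`. The comment above the `if` still only says "the HMAC must match"; I would extend it to record why `===` was dropped, e.g. `// and the HMAC must match (compared in constant time to avoid timing leaks).` drupal_valid_test_ua() starts and ends outside this hunk.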
core/modules/file/src/Element/ManagedFile.php
@@ -110,7 +110,8 @@ public static function valueCallback(&$element, $input, FormStateInterface $form
// token added by $this->processManagedFile().
elseif
(
\
Drupal
::
currentUser
()
->
isAnonymous
())
{
$token
=
NestedArray
::
getValue
(
$form_state
->
getUserInput
(),
array_merge
(
$element
[
'#parents'
],
[
'file_'
.
$file
->
id
(),
'fid_token'
]));
if
(
$token
!==
Crypt
::
hmacBase64
(
'file-'
.
$file
->
id
(),
\
Drupal
::
service
(
'private_key'
)
->
get
()
.
Settings
::
getHashSalt
()))
{
$file_hmac
=
Crypt
::
hmacBase64
(
'file-'
.
$file
->
id
(),
\
Drupal
::
service
(
'private_key'
)
->
get
()
.
Settings
::
getHashSalt
());
if
(
$token
===
NULL
||
!
Crypt
::
hashEquals
(
$file_hmac
,
$token
))
{
$force_default
=
TRUE
;
break
;
}
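Review bot: The new guard `$token === NULL || !Crypt::hashEquals($file_hmac, $token)` rejects only a missing token, yet `$token` is read straight from `$form_state->getUserInput()` through `NestedArray::getValue()`, so an anonymous request that submits `fid_token` as an array reaches hashEquals() with a non-string; hash_equals() then warns (PHP 7) or throws a TypeError (PHP 8) rather than forcing the default value. A type check covers both the missing and the malformed case: `if (!is_string($token) || !Crypt::hashEquals($file_hmac, $token)) {`. A one-line why-comment above the new `if`, such as `// Constant-time comparison: the token is user-supplied.`, would also stop a later cleanup from reverting to `!==`. valueCallback() starts and ends outside this hunk.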
core/modules/image/src/Controller/ImageStyleDownloadController.php
@@ -109,7 +109,7 @@ public function deliver(Request $request, $scheme, ImageStyleInterface $image_st
// starts with styles/.
$valid
=
!
empty
(
$image_style
)
&&
$this
->
streamWrapperManager
->
isValidScheme
(
$scheme
);
if
(
!
$this
->
config
(
'image.settings'
)
->
get
(
'allow_insecure_derivatives'
)
||
strpos
(
ltrim
(
$target
,
'\/'
),
'styles/'
)
===
0
)
{
$valid
&=
$request
->
query
->
get
(
IMAGE_DERIVATIVE_TOKEN
)
===
$image_style
->
getPathToken
(
$image_uri
);
$valid
&=
Crypt
::
hashEquals
(
$image_style
->
getPathToken
(
$image_uri
),
$request
->
query
->
get
(
IMAGE_DERIVATIVE_TOKEN
,
''
)
);
}
if
(
!
$valid
)
{
// Return a 404 (Page Not Found) rather than a 403 (Access Denied) as the
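Review bot: `$request->query->get(IMAGE_DERIVATIVE_TOKEN, '')` is passed directly to `Crypt::hashEquals()`, but on Symfony versions where ParameterBag::get() returns the raw query value, submitting the token parameter as an array hands hash_equals() a non-string, which warns or throws instead of returning false and turns an invalid token into an error rather than the 404 the code below intends. Fetching and type-checking the value first avoids that: `$supplied_token = $request->query->get(IMAGE_DERIVATIVE_TOKEN, '');` followed by `$valid &= is_string($supplied_token) && Crypt::hashEquals($image_style->getPathToken($image_uri), $supplied_token);`. Separately, `$valid &=` is the bitwise operator and silently turns `$valid` into an int; it predates this commit, but `$valid = $valid && …` would keep it a bool. deliver() starts and ends outside this hunk.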
core/modules/system/src/Controller/EntityAutocompleteController.php
@@ -87,7 +87,7 @@ public function handleAutocomplete(Request $request, $target_type, $selection_ha
$selection_settings
=
$this
->
keyValue
->
get
(
$selection_settings_key
,
FALSE
);
if
(
$selection_settings
!==
FALSE
)
{
$selection_settings_hash
=
Crypt
::
hmacBase64
(
serialize
(
$selection_settings
)
.
$target_type
.
$selection_handler
,
Settings
::
getHashSalt
());
if
(
$selection_settings_hash
!==
$selection_settings_key
)
{
if
(
!
Crypt
::
hashEquals
(
$selection_settings_hash
,
$selection_settings_key
)
)
{
// Disallow access when the selection settings hash does not match the
// passed-in key.
throw
new
AccessDeniedHttpException
(
'Invalid selection settings key.'
);
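Review bot: Nothing in the new `if (!Crypt::hashEquals($selection_settings_hash, $selection_settings_key))` or the comment below it records why `!==` was replaced, so a later "simplification" could reintroduce the plain comparison without anyone noticing. I would add a why-comment above the `if`: `// Constant-time comparison so the check does not leak the expected key via timing.` Assuming Crypt::hashEquals() follows hash_equals()'s (known, user) argument order, the recomputed hash is correctly passed first here, consistent with the other three hunks in this commit. handleAutocomplete() starts and ends outside this hunk.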
larowlan
@larowlan
mentioned in commit
20ba39f7
·
Jun 04, 2019
mentioned in commit
20ba39f7
mentioned in commit 20ba39f767f6f0e25f1895ffd2dfb1ce510ac060