[TASK] Use hash_equals for timing-safe comparison of hash-values 98/55098/2
author Stefan Neufeind <typo3.neufeind@speedpartner.de>
Fri, 15 Dec 2017 16:18:27 +0000 (17:18 +0100)
committer Stefan Neufeind <typo3.neufeind@speedpartner.de>
Tue, 13 Feb 2018 07:56:07 +0000 (08:56 +0100)
commit 8858577f54122abdbc0d628aac28f80e3a08ad4d
tree 58b40418370a6926c2e13529ef029f0c26091182
parent 2235b4a530ae4faee36e6518d22e8f36b2fd8dec
[TASK] Use hash_equals for timing-safe comparison of hash-values

To prevent timing-attacks on hash-comparisons it is advised
to use hash_equals.

Resolves: #83329
Releases: master, 8.7
Change-Id: I7539ed27538d7d81767bfce582d568cff09d1610
Reviewed-on: https://review.typo3.org/55098
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Alexander Opitz <opitz.alexander@googlemail.com>
Reviewed-by: Stephan Großberndt <stephan@grossberndt.de>
Tested-by: Alexander Opitz <opitz.alexander@googlemail.com>
Reviewed-by: Stefan Neufeind <typo3.neufeind@speedpartner.de>
Tested-by: Stefan Neufeind <typo3.neufeind@speedpartner.de>
13 files changed:
typo3/sysext/backend/Classes/Controller/FileSystemNavigationFrameController.php
typo3/sysext/backend/Classes/Controller/FormInlineAjaxController.php
typo3/sysext/backend/Classes/Controller/LinkBrowserController.php
typo3/sysext/backend/Classes/Controller/Wizard/ColorpickerController.php
typo3/sysext/backend/Classes/Form/Wizard/ImageManipulationWizard.php
typo3/sysext/core/Classes/Controller/FileDumpController.php
typo3/sysext/core/Classes/FormProtection/AbstractFormProtection.php
typo3/sysext/extbase/Classes/Security/Cryptography/HashService.php
typo3/sysext/frontend/Classes/Controller/ShowImageController.php
typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php
typo3/sysext/saltedpasswords/Classes/Salt/Pbkdf2Salt.php
typo3/sysext/saltedpasswords/Classes/Salt/PhpassSalt.php
typo3/sysext/saltedpasswords/Classes/SaltedPasswordService.php
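
The kind of replacement the commit message describes, as an added example that is not code from this commit or from TYPO3: an HMAC check written with `===` beside the same check using `hash_equals`, including the non-string input case. The names `DEMO_KEY`, `demoToken`, `verifyUnsafe` and `verifySafe`, the key and the sample payload are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed key for the demo; a real application loads its key from configuration.
const DEMO_KEY = 'constructed-demo-key-not-a-real-secret';

// Hypothetical helper: HMAC that binds a token to the parameters it protects.
function demoToken(string $payload): string
{
    return hash_hmac('sha256', $payload, DEMO_KEY);
}

// Before: an ordinary string comparison may return as soon as one byte differs,
// so the time taken can depend on how much of the expected value matched.
function verifyUnsafe(string $payload, $submitted): bool
{
    return $submitted === demoToken($payload);
}

// After: hash_equals() examines every byte regardless of where the first
// mismatch is; only a difference in length remains observable.
function verifySafe(string $payload, $submitted): bool
{
    // Request parameters can arrive as arrays (?token[]=x). hash_equals()
    // requires strings: TypeError on PHP 8, warning on PHP 7.
    if (!is_string($submitted)) {
        return false;
    }
    // Known value first, user-supplied value second.
    return hash_equals(demoToken($payload), $submitted);
}

$payload = 'file=42&action=dump';   // constructed sample input
$good    = demoToken($payload);
// Same length as the valid token, last character altered.
$almost  = substr($good, 0, -1) . ($good[-1] === '0' ? '1' : '0');

var_dump(verifySafe($payload, $good));     // valid token
var_dump(verifySafe($payload, $almost));   // one character changed
var_dump(verifySafe($payload, ['x']));     // array instead of string
var_dump(verifySafe($payload, ''));        // empty value
```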