[TASK] Use hash_equals for timing-safe comparison of hash-values 74/55074/5
author Stefan Neufeind <typo3.neufeind@speedpartner.de>
Thu, 14 Dec 2017 13:51:32 +0000 (14:51 +0100)
committer Helmut Hummel <typo3@helhum.io>
Fri, 15 Dec 2017 15:22:18 +0000 (16:22 +0100)
commit cc9b6676fb9c8f6f9bf8a94480fa569af15fabd6
tree 12245a4e76705befb077bb001c8088c018946341
parent ea7f8c63f554465a7de64297d6a7592850b3abda
[TASK] Use hash_equals for timing-safe comparison of hash-values

To prevent timing-attacks on hash-comparisons it is advised
to use hash_equals.

Resolves: #83329
Releases: master, 8.7
Change-Id: I7539ed27538d7d81767bfce582d568cff09d1610
Reviewed-on: https://review.typo3.org/55074
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Susanne Moog <susanne.moog@typo3.org>
Tested-by: Susanne Moog <susanne.moog@typo3.org>
Reviewed-by: Stephan Großberndt <stephan@grossberndt.de>
Reviewed-by: Helmut Hummel <typo3@helhum.io>
Tested-by: Helmut Hummel <typo3@helhum.io>
12 files changed:
typo3/sysext/backend/Classes/Controller/FileSystemNavigationFrameController.php
typo3/sysext/backend/Classes/Controller/FormInlineAjaxController.php
typo3/sysext/backend/Classes/Controller/LinkBrowserController.php
typo3/sysext/backend/Classes/Form/Wizard/ImageManipulationWizard.php
typo3/sysext/core/Classes/Controller/FileDumpController.php
typo3/sysext/core/Classes/FormProtection/AbstractFormProtection.php
typo3/sysext/extbase/Classes/Security/Cryptography/HashService.php
typo3/sysext/frontend/Classes/Controller/ShowImageController.php
typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php
typo3/sysext/saltedpasswords/Classes/Salt/Pbkdf2Salt.php
typo3/sysext/saltedpasswords/Classes/Salt/PhpassSalt.php
typo3/sysext/saltedpasswords/Classes/SaltedPasswordService.php
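
The kind of change the commit message describes, as an added example that is not code from this commit or from TYPO3: an HMAC token check written with `===` beside the same check with `hash_equals()`. The function names, the key and the sample parameters are hypothetical and constructed for the illustration.

```php
<?php
declare(strict_types=1);

// Constructed key for this example only; a real key comes from configuration.
const EXAMPLE_KEY = 'constructed-example-key';

// Hypothetical helper: HMAC-SHA256 over the parameter string.
function signParameters(string $parameters): string
{
    return hash_hmac('sha256', $parameters, EXAMPLE_KEY);
}

// Before: an ordinary string comparison may stop at the first differing
// byte, so response time can reveal how much of the token is correct.
function isValidTokenUnsafe(string $parameters, $token): bool
{
    return $token === signParameters($parameters);
}

// After: hash_equals() compares in time that does not depend on where the
// strings differ. The known value goes first, the submitted value second.
function isValidToken(string $parameters, $token): bool
{
    // Request input can arrive as an array (e.g. token[]=x). hash_equals()
    // accepts only strings, so anything else is rejected up front.
    if (!is_string($token)) {
        return false;
    }
    return hash_equals(signParameters($parameters), $token);
}

// Constructed sample input: a valid token, a token with the last hex digit
// changed, and a non-string value.
$parameters = 'file=42&size=300';
$good = signParameters($parameters);
$bad = substr($good, 0, -1) . (substr($good, -1) === '0' ? '1' : '0');

var_dump(isValidToken($parameters, $good));
var_dump(isValidToken($parameters, $bad));
var_dump(isValidToken($parameters, ['x']));
```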