Commit 46e53dca authored by Oliver Hader's avatar Oliver Hader Committed by Oliver Hader

[TASK] Use hash_equals when comparing cryptographic hash values

Direct hash comparison is replaced by the timing-safe `hash_equals`.
The changes in this patch set have little practical impact on security;
they are a preparation for starting with the RIPS scanner.

Resolves: #91565
Releases: master, 10.4, 9.5
Change-Id: I5666e586b6b6b462f7864a597139763fd2cd2f98
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64775


Tested-by: default avatarTYPO3com <noreply@typo3.com>
Tested-by: Oliver Hader's avatarOliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader's avatarOliver Hader <oliver.hader@typo3.org>
parent ee347761
......@@ -80,7 +80,7 @@ class TerUtility
throw new ExtensionManagerException('Decoding Error: No decompressor available for compressed content. gzcompress()/gzuncompress() functions are not available!', 1344761814);
}
}
if (md5($parts[2]) === $parts[0]) {
if (hash_equals($parts[0], md5($parts[2]))) {
$output = unserialize($parts[2], ['allowed_classes' => false]);
if (!is_array($output)) {
throw new ExtensionManagerException('Error: Content could not be unserialized to an array. Strange (since MD5 hashes match!)', 1344761938);
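Review bot: The argument order on the changed line is inverted relative to `hash_equals(string $known_string, string $user_string)`: `$parts[0]` is the digest carried inside the received data, while `md5($parts[2])` is the value computed locally, so the local digest belongs in the first position, `if (hash_equals(md5($parts[2]), $parts[0])) {`. That also matches the order the FrontendUserAuthenticator and first Import hunks of this same change use. Since the MD5 apparently travels alongside the content it covers, this remains a transport-integrity check rather than an authenticity check (whoever supplies the payload can recompute the digest), so a short comment such as `// unkeyed MD5: detects corruption, not tampering` would keep the next reader from mistaking it for a MAC. The enclosing method starts before this hunk.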
......@@ -101,7 +101,7 @@ class FrontendUserAuthenticator implements MiddlewareInterface
): ServerRequestInterface {
[$sessionId, $hash] = explode('-', $frontendSessionKey);
// If the session key hash check is OK, set the cookie
if (md5($sessionId . '/' . $GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey']) === (string)$hash) {
if (hash_equals(md5($sessionId . '/' . $GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey']), (string)$hash)) {
$cookieName = FrontendUserAuthentication::getCookieName();
// keep the global cookie overwriting for now, as long as FrontendUserAuthentication does not
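Review bot: The destructuring `[$sessionId, $hash] = explode('-', $frontendSessionKey);` two lines above the changed line has no guard for a key without a `-`: explode then yields a single element, the second offset is undefined, and `(string)$hash` only reaches hash_equals as `''` after an undefined-offset notice. Padding the result makes the rejection path explicit and warning-free, `[$sessionId, $hash] = array_pad(explode('-', $frontendSessionKey), 2, '');`. The hash_equals argument order is correct here, with the locally computed keyed digest as the known string, and this is the one hunk in the change where the comparison actually guards a value derived from the encryption key. The enclosing method begins before this hunk.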
......@@ -1559,7 +1559,7 @@ class Import extends ImportExport
}
GeneralUtility::writeFile($fileName, $this->dat['files'][$fileID]['content']);
$this->fileIDMap[$fileID] = $fileName;
if (md5(file_get_contents($fileName)) == $this->dat['files'][$fileID]['content_md5']) {
if (hash_equals(md5(file_get_contents($fileName)), $this->dat['files'][$fileID]['content_md5'])) {
return true;
}
$this->error('ERROR: File content "' . $fileName . '" was corrupted');
......@@ -1692,7 +1692,7 @@ class Import extends ImportExport
}
$datString = fread($fd, (int)$initStrDat[2]);
fread($fd, 1);
if (md5($datString) === $initStrDat[0]) {
if (hash_equals($initStrDat[0], md5($datString))) {
if ($initStrDat[1]) {
if ($this->compress) {
$datString = gzuncompress($datString);
......@@ -1745,7 +1745,7 @@ class Import extends ImportExport
}
$datString = substr($filecontent, $pointer, (int)$initStrDat[2]);
$pointer += (int)$initStrDat[2] + 1;
if (md5($datString) === $initStrDat[0]) {
if (hash_equals($initStrDat[0], md5($datString))) {
if ($initStrDat[1]) {
if ($this->compress) {
$datString = gzuncompress($datString);
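Review bot: In the first hunk, `$this->dat['files'][$fileID]['content_md5']` is handed to hash_equals as-is, while the old `==` tolerated a missing or non-string value; hash_equals requires two strings, so a malformed import file that lacks or mistypes `content_md5` now produces a warning plus `false` on PHP 7 and may throw a TypeError on PHP 8 instead of quietly failing the check. Normalising the value the way the FrontendUserAuthenticator hunk does keeps the outcome a plain `false`: `if (hash_equals(md5(file_get_contents($fileName)), (string)($this->dat['files'][$fileID]['content_md5'] ?? ''))) {`. In the second and third hunks `$initStrDat[0]`, the digest read from the import stream, sits in the known-string position; `if (hash_equals(md5($datString), $initStrDat[0])) {` would follow the function's documented parameter order and the convention used elsewhere in this change. All three enclosing methods start outside their hunks.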
......@@ -236,7 +236,7 @@ class CleanFlexFormsCommand extends Command
if ($fullRecord[$columnName]) {
// Clean XML and check against the record fetched from the database
$newXML = $flexObj->cleanFlexFormXML($tableName, $columnName, $fullRecord);
if (md5($fullRecord[$columnName]) !== md5($newXML)) {
if (!hash_equals(md5($fullRecord[$columnName]), md5($newXML))) {
$dirtyFlexFormFields[$tableName . ':' . $uid . ':' . $columnName] = $fullRecord;
}
}
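Review bot: The changed line compares two local, non-secret strings for equality, so neither the MD5 round-trip nor the constant-time comparison adds anything; hashing both sides and then calling hash_equals on the digests only obscures that this is `if ($fullRecord[$columnName] !== $newXML) {`. If the hashed form is kept to satisfy the scanner, a comment such as `// not a secret comparison; hash_equals only keeps static analysis quiet` would stop the next reader from looking for a secret here. Note that md5() coerces its argument, so if cleanFlexFormXML can return a non-string the direct comparison would need a cast that the hashed form currently hides. The enclosing method starts before this hunk.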