[Security/Core] add fast path when encoded password cannot match anything

Nicolas Grekas 2019-10-27 10:41:22 +01:00
parent bfd308ff4a
commit c57f8f7f93
2 changed files with 19 additions and 1 deletions


@ -22,7 +22,8 @@ class MessageDigestPasswordEncoder extends BasePasswordEncoder
{ {
private $algorithm; private $algorithm;
private $encodeHashAsBase64; private $encodeHashAsBase64;
private $iterations; private $iterations = 0;
private $encodedLength = -1;
/** /**
* @param string $algorithm The digest algorithm to use * @param string $algorithm The digest algorithm to use
@ -33,6 +34,13 @@ class MessageDigestPasswordEncoder extends BasePasswordEncoder
{ {
$this->algorithm = $algorithm; $this->algorithm = $algorithm;
$this->encodeHashAsBase64 = $encodeHashAsBase64; $this->encodeHashAsBase64 = $encodeHashAsBase64;
try {
$this->encodedLength = \strlen($this->encodePassword('', 'salt'));
} catch (\LogicException $e) {
// ignore algorithm not supported
}
$this->iterations = $iterations; $this->iterations = $iterations;
} }
@ -65,6 +73,10 @@ class MessageDigestPasswordEncoder extends BasePasswordEncoder
*/ */
public function isPasswordValid($encoded, $raw, $salt) public function isPasswordValid($encoded, $raw, $salt)
{ {
if (\strlen($encoded) !== $this->encodedLength || false !== strpos($encoded, '$')) {
return false;
}
return !$this->isPasswordTooLong($raw) && $this->comparePasswords($encoded, $this->encodePassword($raw, $salt)); return !$this->isPasswordTooLong($raw) && $this->comparePasswords($encoded, $this->encodePassword($raw, $salt));
} }
} }
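Review bot: With the `catch (\LogicException $e)` in the constructor, an unsupported digest algorithm now leaves `$encodedLength` at its `-1` default, so the new guard in `isPasswordValid()` returns `false` for every input instead of surfacing the configuration error; presumably that LogicException is what `encodePassword()` (outside the hunk) used to raise on the first verification, so a misconfigured encoder now looks like a wrong password rather than a broken setup. Consider either re-throwing lazily (checking `$this->encodedLength < 0` in `isPasswordValid()` and calling `encodePassword()` so the original exception propagates) or at least saying so in the comment: `// unsupported algorithm: leave encodedLength at -1 so isPasswordValid() rejects everything`. The probe also runs while `$this->iterations` is still `0` (it is assigned only after the try block), which relies on the digest length being independent of the iteration count; a one-line comment such as `// probed before $iterations is set: output length does not depend on iteration count` would make that ordering deliberate rather than accidental. The length check itself is safe to short-circuit on, since the length of the stored hash is not a secret.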


@ -32,6 +32,7 @@ class Pbkdf2PasswordEncoder extends BasePasswordEncoder
private $encodeHashAsBase64; private $encodeHashAsBase64;
private $iterations; private $iterations;
private $length; private $length;
private $encodedLength;
/** /**
* @param string $algorithm The digest algorithm to use * @param string $algorithm The digest algorithm to use
@ -45,6 +46,7 @@ class Pbkdf2PasswordEncoder extends BasePasswordEncoder
$this->encodeHashAsBase64 = $encodeHashAsBase64; $this->encodeHashAsBase64 = $encodeHashAsBase64;
$this->iterations = $iterations; $this->iterations = $iterations;
$this->length = $length; $this->length = $length;
$this->encodedLength = $encodeHashAsBase64 ? intdiv($length + 2, 3) << 2 : ($length << 1);
} }
/** /**
@ -72,6 +74,10 @@ class Pbkdf2PasswordEncoder extends BasePasswordEncoder
*/ */
public function isPasswordValid($encoded, $raw, $salt) public function isPasswordValid($encoded, $raw, $salt)
{ {
if ((0 < $this->length && \strlen($encoded) !== $this->encodedLength) || false !== strpos($encoded, '$')) {
return false;
}
return !$this->isPasswordTooLong($raw) && $this->comparePasswords($encoded, $this->encodePassword($raw, $salt)); return !$this->isPasswordTooLong($raw) && $this->comparePasswords($encoded, $this->encodePassword($raw, $salt));
} }
} }
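Review bot: The derived length on the `$this->encodedLength = ...` line is correct but opaque, and the `0 < $this->length` guard in `isPasswordValid()` silently disables the fast path for the default configuration; both deserve a comment since neither is obvious to the next reader. Suggested comment for the constructor line: `// base64 of $length bytes is 4*ceil($length/3) chars, hex is 2*$length`, and for the guard: `// length 0 means the full digest is emitted, so the encoded size cannot be derived from $length here`. The second wording assumes `encodePassword()` (outside the hunk) passes `$length` straight to `hash_pbkdf2()`, which documents `0` as "use the algorithm's full output"; please confirm against that method. If that is the case, the empirical probe used in `MessageDigestPasswordEncoder` (encoding a dummy value once in the constructor) would give this encoder the same fast path for `length = 0` and keep the two classes consistent.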