Time attack protection on hmac comparison

This fixes issue 2.7 of https://defuse.ca/audits/zerobin.htm, and thus (with commit a24212afda90ca3e4b4ff5ce30d2012709b58a28) also issue 2.8. (cherry picked from commit 0b4db7ece313dd268e51fc47a0293a649927558a) Conflicts: index.php
2014-02-06 22:52:17 +01:00
parent daf5522b1e
commit 43a439e7d0
6 changed files with 135 additions and 58 deletions
--- a/lib/filter.php
+++ b/lib/filter.php
@@ -50,4 +50,35 @@ class filter
        }
        return number_format($size, ($i ? 2 : 0), '.', ' ') . ' ' . $iec[$i];
    }
+
+    /**
+     * validate paste ID
+     *
+     * @access public
+     * @param  string $dataid
+     * @return bool
+     */
+    public static function is_valid_paste_id($dataid)
+    {
+        return (bool) preg_match('#\A[a-f\d]{16}\z#', $dataid);
+    }
+
+    /**
+     * fixed time string comparison operation to prevent timing attacks
+     * https://crackstation.net/hashing-security.htm?=rd#slowequals
+     *
+     * @access public
+     * @param  string $a
+     * @param  string $b
+     * @return bool
+     */
+    public static function slow_equals($a, $b)
+    {
+        $diff = strlen($a) ^ strlen($b);
+        for($i = 0; $i < strlen($a) && $i < strlen($b); $i++)
+        {
+            $diff |= ord($a[$i]) ^ ord($b[$i]);
+        }
+        return $diff === 0;
+     }
 }