Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

PasswordEncoderUtils do not leak length 

Enforce constant time even when expectedLength != actualLength.

Fixes gh-255
This commit is contained in:
avri-schneider 2016-01-18 18:44:47 +02:00 committed by Rob Winch
parent dc9f9b140f
commit a98389fa98
1 changed files with 12 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
core/src/main/java/org/springframework/security/authentication/encoding/PasswordEncoderUtils.java
View File

@ -33,15 +33,18 @@ class PasswordEncoderUtils {
static boolean equals(String expected, String actual) {
byte[] expectedBytes = bytesUtf8(expected);
byte[] actualBytes = bytesUtf8(actual);
int expectedLength = expectedBytes == null ? -1 : expectedBytes.length;
int actualLength = actualBytes == null ? -1 : actualBytes.length;
if (expectedLength != actualLength) {
return false;
}
int expectedLength = expectedBytes == null ? 0 : expectedBytes.length;
int actualLength = actualBytes == null ? 0 : actualBytes.length;
byte[] tmpBytes = new byte[1];
int result = (expectedLength != actualLength) ? 1 : 0;
tmpBytes[0] = (byte) 0xFF; // value is ignored, just initializing.
result |= ((expectedBytes == null && actualBytes != null) || (expectedBytes != null && actualBytes == null)) ? 1 : 0;
expectedBytes = (expectedBytes == null ? expectedBytes : tmpBytes);
int result = 0;
for (int i = 0; i < expectedLength; i++) {
result |= expectedBytes[i] ^ actualBytes[i];
for (int i = 0; i < actualLength; i++) {
result |= expectedBytes[i % (expectedLength!=0?expectedLength:1)] ^ actualBytes[i % actualLength];
}
return result == 0;
}
@ -51,7 +54,7 @@ class PasswordEncoderUtils {
return null;
}
return Utf8.encode(s);
return Utf8.encode(s); // need to check if Utf8.encode() runs in constant time (probably not). This may leak length of string.
}
private PasswordEncoderUtils() {