mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fix CSRF token generation / validation 

Operate on raw bytes instead of base64-encoded strings.
Issue was introduced in a977465

Signed-off-by: Leon Klingele <git@leonklingele.de>
This commit is contained in:
Leon Klingele 2016-10-31 18:22:42 +01:00
parent 42b0a0d2af
commit e5d78a3523
No known key found for this signature in database
GPG Key ID: 83AEC0FEBAA5D483
3 changed files with 15 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/private/Security/CSRF/CsrfToken.php
View File

@ -51,8 +51,8 @@ class CsrfToken {
*/
public function getEncryptedValue() {
if($this->encryptedValue === '') {
$sharedSecret = base64_encode(random_bytes(strlen($this->value)));
$this->encryptedValue = base64_encode($this->value ^ $sharedSecret) . ':' . $sharedSecret;
$sharedSecret = random_bytes(strlen($this->value));
$this->encryptedValue = base64_encode($this->value ^ $sharedSecret) . ':' . base64_encode($sharedSecret);
}
return $this->encryptedValue;
@ -71,6 +71,6 @@ class CsrfToken {
}
$obfuscatedToken = $token[0];
$secret = $token[1];
return base64_decode($obfuscatedToken) ^ $secret;
return base64_decode($obfuscatedToken) ^ base64_decode($secret);
}
}

8
tests/lib/Security/CSRF/CsrfTokenManagerTest.php
View File

@ -137,15 +137,19 @@ class CsrfTokenManagerTest extends \Test\TestCase {
}
public function testIsTokenValidWithValidToken() {
$a = 'abc';
$b = 'def';
$xorB64 = 'BQcF';
$tokenVal = sprintf('%s:%s', $xorB64, base64_encode($a));
$this->storageInterface
->expects($this->once())
->method('hasToken')
->willReturn(true);
$token = new \OC\Security\CSRF\CsrfToken('XlQhHjgWCgBXAEI0Khl+IQEiCXN2LUcDHAQTQAc1HQs=:qgkUlg8l3m8WnkOG4XM9Az33pAt1vSVMx4hcJFsxdqc=');
$token = new \OC\Security\CSRF\CsrfToken($tokenVal);
$this->storageInterface
->expects($this->once())
->method('getToken')
->willReturn('/3JKTq2ldmzcDr1f5zDJ7Wt0lEgqqfKF');
->willReturn($b);
$this->assertSame(true, $this->csrfTokenManager->isTokenValid($token));
}

8
tests/lib/Security/CSRF/CsrfTokenTest.php
View File

@ -36,7 +36,11 @@ class CsrfTokenTest extends \Test\TestCase {
}
public function testGetDecryptedValue() {
$csrfToken = new \OC\Security\CSRF\CsrfToken('XlQhHjgWCgBXAEI0Khl+IQEiCXN2LUcDHAQTQAc1HQs=:qgkUlg8l3m8WnkOG4XM9Az33pAt1vSVMx4hcJFsxdqc=');
$this->assertSame('/3JKTq2ldmzcDr1f5zDJ7Wt0lEgqqfKF', $csrfToken->getDecryptedValue());
$a = 'abc';
$b = 'def';
$xorB64 = 'BQcF';
$tokenVal = sprintf('%s:%s', $xorB64, base64_encode($a));
$csrfToken = new \OC\Security\CSRF\CsrfToken($tokenVal);
$this->assertSame($b, $csrfToken->getDecryptedValue());
}
}