diff options
| author | Coda Hale <coda.hale@gmail.com> | 2009-08-13 10:03:08 -0700 |
|---|---|---|
| committer | Michael Koziarski <michael@koziarski.com> | 2009-09-04 09:25:38 +1200 |
| commit | 5e6dab8b34152bc48c89032d20e5bda1511e28fb (patch) | |
| tree | e07e5aaab885d847f4cdf7006b55fb0601d3b676 | |
| parent | bd97c3044a7b135f5b84f38c3dbdce2ccc793f70 (diff) | |
| download | rails-5e6dab8b34152bc48c89032d20e5bda1511e28fb.tar.gz rails-5e6dab8b34152bc48c89032d20e5bda1511e28fb.tar.bz2 rails-5e6dab8b34152bc48c89032d20e5bda1511e28fb.zip | |
Fix timing attack vulnerability in ActiveSupport::MessageVerifier.
Use a constant-time comparison algorithm to compare the candidate HMAC with the calculated HMAC to prevent leaking information about the calculated HMAC.
Signed-off-by: Michael Koziarski <michael@koziarski.com>
| -rw-r--r-- | activesupport/lib/active_support/message_verifier.rb | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/activesupport/lib/active_support/message_verifier.rb b/activesupport/lib/active_support/message_verifier.rb index b24acb9f47..aae5a3416d 100644 --- a/activesupport/lib/active_support/message_verifier.rb +++ b/activesupport/lib/active_support/message_verifier.rb @@ -25,10 +25,10 @@ module ActiveSupport def verify(signed_message) data, digest = signed_message.split("--") - if digest != generate_digest(data) - raise InvalidSignature - else + if secure_compare(digest, generate_digest(data)) Marshal.load(ActiveSupport::Base64.decode64(data)) + else + raise InvalidSignature end end @@ -38,6 +38,19 @@ module ActiveSupport end private + # constant-time comparison algorithm to prevent timing attacks + def secure_compare(a, b) + if a.length == b.length + result = 0 + for i in 0..(a.length - 1) + result |= a[i] ^ b[i] + end + result == 0 + else + false + end + end + def generate_digest(data) require 'openssl' unless defined?(OpenSSL) OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new(@digest), @secret, data) |