Skip to content

Fix #78516: password_hash(): Memory cost is outside of allowed memory…#4695

Closed
cmb69 wants to merge 5 commits intophp:PHP-7.4from
cmb69:fix-78516
Closed

Fix #78516: password_hash(): Memory cost is outside of allowed memory…#4695
cmb69 wants to merge 5 commits intophp:PHP-7.4from
cmb69:fix-78516

Conversation

@cmb69
Copy link
Member

@cmb69 cmb69 commented Sep 10, 2019

… range

libsodium measures the memory cost in bytes, while password_hash() and
friends expect kibibyte values. We have to properly map between these
scales not only when calling libsodium functions, but also when
checking for allowed values.

cc @sgolemon

@cmb69
Fix #78516: password_hash(): Memory cost is outside of allowed memory…
ad6c899 
… range

libsodium measures the memory cost in bytes, while password_hash() and
friends expect kibibyte values.  We have to properly map between these
scales not only when calling libsodium functions, but also when
checking for allowed values.
remicollet
remicollet approved these changes Sep 10, 2019
View reviewed changes
Copy link
Member

@remicollet remicollet left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Girgias
Girgias reviewed Sep 10, 2019
View reviewed changes
@cmb69
Copy link
Member Author

cmb69 commented Sep 10, 2019

Unless there are objections, I'll merge this PR on next Monday (so that it makes it into PHP 7.4.0RC2).

nikic
nikic reviewed Sep 11, 2019
View reviewed changes
nikic
nikic reviewed Sep 14, 2019
View reviewed changes
nikic
nikic reviewed Sep 14, 2019
View reviewed changes
ext/sodium/sodium_pwhash.c Outdated
const char* p = NULL;
zend_long v = 0, threads = 1;
zend_long memory_cost = PHP_SODIUM_PWHASH_MEMLIMIT;
zend_long memory_cost = PHP_SODIUM_PWHASH_MEMLIMIT << 10;
Copy link
Member

@nikic nikic Sep 14, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think this one is right. It shouldn't really happen anyway (that means that the sscanf failed and the hash is essentially corrupt), but if in this context memory_cost shouldn't by multiplied by 1k, I think

Copy link
Member Author

@cmb69 cmb69 Sep 14, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh, you're right.

It seems to me that we should catch failing sscanf() here. Otherwise password_needs_rehash() may return true, although password_get_info() returns values which wouldn't indicate that.

@cmb69
Copy link
Member Author

cmb69 commented Sep 16, 2019

Applied as 145ffd9. Thanks!

@cmb69 cmb69 closed this Sep 16, 2019
@cmb69 cmb69 deleted the fix-78516 branch September 16, 2019 13:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nikic nikic nikic left review comments

@Girgias Girgias Girgias left review comments

@remicollet remicollet remicollet approved these changes

Assignees

No one assigned

Labels

Bug

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@cmb69 @nikic @remicollet @Girgias @carusogabriel