On php.net I saw a version, but it has a lot of downvotes and I don't know why.

```php
if (!function_exists('hash_equals')) {
    function hash_equals($str1, $str2) {
        if (strlen($str1) != strlen($str2)) {
            return false;
        } else {
            // XOR the two strings byte-wise, then OR all result bytes together
            $res = $str1 ^ $str2;
            $ret = 0;
            for ($i = strlen($res) - 1; $i >= 0; $i--) {
                $ret |= ord($res[$i]);
            }
            return !$ret;
        }
    }
}
```

If this function is really bad, please explain why; ideally, suggest an alternative. Thank you.

On StackOverflow I saw it as follows:

```c
PHP_FUNCTION(hash_equals)
{
    /* ... */
    if (Z_STRLEN_P(known_zval) != Z_STRLEN_P(user_zval)) {
        RETURN_FALSE;
    }
    /* ... */
    /* This is security sensitive code. Do not optimize this for speed. */
    for (j = 0; j < Z_STRLEN_P(known_zval); j++) {
        result |= known_str[j] ^ user_str[j];
    }
    RETURN_BOOL(0 == result);
}
```

It looks like there's nothing in the Polyfill.
Reply content:
Because the types are not strict, it can be exploited if an attacker is able to control the type of an argument in some way.

```php
function bug_hash_equals($str1, $str2) {
    if (strlen($str1) != strlen($str2)) {
        return false;
    } else {
        $res = $str1 ^ $str2;
        $ret = 0;
        for ($i = strlen($res) - 1; $i >= 0; $i--) {
            $ret |= ord($res[$i]);
        }
        return !$ret;
    }
}

var_dump(bug_hash_equals('aaabbb', 0.0001)); // true
```
http://sandbox.onlinephpfunctions.com/code/e7c978d047486534441403a88680cefb85b1a48c
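The mechanism behind that `true` is PHP's operator coercion: when either operand of `^` is not a string, PHP performs an integer XOR instead of a byte-wise XOR, so `'aaabbb'` (non-numeric, coerced to `0`) and `0.0001` (truncated to `0`) give `0`, while `strlen(0.0001)` counts the six characters of `"0.0001"` and matches the length of `'aaabbb'`. The C code quoted in the question avoids this by only ever operating on `zval`s it has already checked to be strings. The following polyfill, added here as an example and not the original poster's or php.net's code, adds that type check in front of the same fixed-time byte loop; the function is named `polyfill_hash_equals` so it runs even where the native `hash_equals()` exists, and the warning wording is modelled on the native function's message rather than copied from it.

```php
<?php
// Added example: a hash_equals() polyfill that refuses non-string arguments,
// so the integer-XOR coercion that breaks the php.net version can never occur.
// In a real polyfill this would be wrapped in if (!function_exists('hash_equals')).
function polyfill_hash_equals($known_string, $user_string)
{
    // Reject anything that is not a string before touching it; the warning
    // text is an assumption modelled on the native function, not copied from it.
    foreach (['known_string' => $known_string, 'user_string' => $user_string] as $name => $value) {
        if (!is_string($value)) {
            trigger_error(
                sprintf('hash_equals(): Expected %s to be a string, %s given', $name, gettype($value)),
                E_USER_WARNING
            );
            return false;
        }
    }

    $len = strlen($known_string);
    if ($len !== strlen($user_string)) {
        // Length is not a secret; the native implementation also returns early here.
        return false;
    }

    // Walk every byte and accumulate differences; never break on the first mismatch.
    $result = 0;
    for ($i = 0; $i < $len; $i++) {
        $result |= ord($known_string[$i]) ^ ord($user_string[$i]);
    }
    return $result === 0;
}

/**
 * Exercise the polyfill with the question's own inputs plus a few more.
 * Returns case => bool so the results can be inspected without printing.
 * The '@' only silences the E_USER_WARNING raised for the non-string cases.
 */
function polyfill_hash_equals_cases()
{
    $known = 'aaabbb';
    return [
        'equal strings'        => polyfill_hash_equals($known, 'aaabbb'),     // true
        'different strings'    => polyfill_hash_equals($known, 'aaabbc'),     // false
        'different lengths'    => polyfill_hash_equals($known, 'aaabb'),      // false
        'float instead of str' => @polyfill_hash_equals($known, 0.0001),      // false (true with bug_hash_equals)
        'null instead of str'  => @polyfill_hash_equals($known, null),        // false
        'array instead of str' => @polyfill_hash_equals($known, ['aaabbb']),  // false
    ];
}

foreach (polyfill_hash_equals_cases() as $case => $ok) {
    printf("%-22s %s\n", $case, $ok ? 'true' : 'false');
}
```

Returning `false` after a warning matches what the native function did in PHP 5.6 and 7; PHP 8's native `hash_equals()` throws a `TypeError` for a non-string argument instead, which is the stricter behaviour to prefer when you control the PHP version. Either way, the property that matters is that the comparison path is only ever reached with two strings of equal length, so `^` is guaranteed to be the byte-wise operator the loop assumes.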