SECURITY: Throw exception on unknown hash algorithm
authorcsteipp <csteipp@wikimedia.org>
Mon, 22 Feb 2016 20:50:40 +0000 (12:50 -0800)
committerChad Horohoe <chadh@wikimedia.org>
Fri, 20 May 2016 16:48:59 +0000 (09:48 -0700)
To prevent a bad password configuration from accidentally allowing
users to bypass authentication, throw an exception if either hash or
hash_pbkdf2 returns false.

Also, ensure md5() returned a sane hash.

Bug: T127420
Change-Id: If3664941236e4065eb8db11b0a211fd6210de631

Signed-off-by: Chad Horohoe <chadh@wikimedia.org>
includes/password/MWOldPassword.php
includes/password/MWSaltedPassword.php
includes/password/Pbkdf2Password.php

index 2150e56..84675c1 100644 (file)
@@ -44,5 +44,9 @@ class MWOldPassword extends ParameterizedPassword {
                        $this->args = [];
                        $this->hash = md5( $plaintext );
                }
+
+               if ( !is_string( $this->hash ) || strlen( $this->hash ) < 32 ) {
+                       throw new PasswordError( 'Error when hashing password.' );
+               }
        }
 }
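Review bot: The added guard's length test `strlen( $this->hash ) < 32` only rejects short values, so a longer string would still be kept as the hash. md5() produces exactly 32 hex characters, which `if ( !is_string( $this->hash ) || strlen( $this->hash ) !== 32 ) {` states directly. This assumes the branch above the hunk also assigns an md5() result, since the enclosing method starts outside the hunk. The identical guard in the MWSaltedPassword hunk would take the same change. A short comment such as `// Fail closed: never keep a non-string or malformed hash (T127420)` would also record why the check exists.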
index 26730b1..733984c 100644 (file)
@@ -42,5 +42,9 @@ class MWSaltedPassword extends ParameterizedPassword {
                }
 
                $this->hash = md5( $this->args[0] . '-' . md5( $plaintext ) );
+
+               if ( !is_string( $this->hash ) || strlen( $this->hash ) < 32 ) {
+                       throw new PasswordError( 'Error when hashing password.' );
+               }
        }
 }
index 8ef6f8d..6ffada3 100644 (file)
@@ -55,8 +55,15 @@ class Pbkdf2Password extends ParameterizedPassword {
                                (int)$this->params['length'],
                                true
                        );
+                       if ( !is_string( $hash ) ) {
+                               throw new PasswordError( 'Error when hashing password.' );
+                       }
                } else {
-                       $hashLen = strlen( hash( $this->params['algo'], '', true ) );
+                       $hashLenHash = hash( $this->params['algo'], '', true );
+                       if ( !is_string( $hashLenHash ) ) {
+                               throw new PasswordError( 'Error when hashing password.' );
+                       }
+                       $hashLen = strlen( $hashLenHash );
                        $blockCount = ceil( $this->params['length'] / $hashLen );
 
                        $hash = '';
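Review bot: An unknown algorithm is detected separately in each branch by probing a return value after the call, and the fallback branch only checks the zero-length probe `hash( $this->params['algo'], '', true )`. Validating the configured name once before the branch, e.g. `if ( !in_array( $this->params['algo'], hash_algos(), true ) ) { throw new PasswordError( 'Error when hashing password.' ); }`, would fail closed for both paths. It would also cover any hash calls in the loop that follows this hunk, which is not visible here. The `is_string` checks can stay as a second line of defence. The enclosing method begins and ends outside the hunk.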