Use phutil_hashes_are_identical() when comparing hashes in Phabricator

Authored by epriestley <git@epriestley.com> on Sep 2 2015, 00:52.

Description

Use phutil_hashes_are_identical() when comparing hashes in Phabricator

Summary: See D14025. In all cases where we compare hashes, use strict, constant-time comparisons.

Test Plan: Logged in, logged out, added TOTP, ran Conduit, terminated sessions, submitted forms, changed password. Tweaked CSRF token, got rejected.

Reviewers: chad

Reviewed By: chad

Subscribers: chenxiruanhai

Differential Revision: https://secure.phabricator.com/D14026

Details

Committed: epriestley <git@epriestley.com>, Sep 2 2015, 00:52
Pushed: aubort, Jan 31 2017, 17:16
Parents: rPH13516cf35f03: Fix an issue with "packages(...)" in typeaheads
Branches: Unknown
Tags: Unknown

Event Timeline

epriestley <git@epriestley.com> committed rPH29948eaa5bd2: Use phutil_hashes_are_identical() when comparing hashes in Phabricator (authored by epriestley <git@epriestley.com>). Sep 2 2015, 00:52