You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@myfaces.apache.org by lu...@apache.org on 2010/10/01 03:10:48 UTC
svn commit: r1003345 -
/myfaces/shared/trunk/core/src/main/java/org/apache/myfaces/shared/util/StateUtils.java
Author: lu4242
Date: Fri Oct 1 01:10:48 2010
New Revision: 1003345
URL: http://svn.apache.org/viewvc?rev=1003345&view=rev
Log:
MYFACES-2934 Side-channel timing attack in StateUtils class may still allow padding oracle attack
Modified:
myfaces/shared/trunk/core/src/main/java/org/apache/myfaces/shared/util/StateUtils.java
Modified: myfaces/shared/trunk/core/src/main/java/org/apache/myfaces/shared/util/StateUtils.java
URL: http://svn.apache.org/viewvc/myfaces/shared/trunk/core/src/main/java/org/apache/myfaces/shared/util/StateUtils.java?rev=1003345&r1=1003344&r2=1003345&view=diff
==============================================================================
--- myfaces/shared/trunk/core/src/main/java/org/apache/myfaces/shared/util/StateUtils.java (original)
+++ myfaces/shared/trunk/core/src/main/java/org/apache/myfaces/shared/util/StateUtils.java Fri Oct 1 01:10:48 2010
@@ -475,7 +475,13 @@ public final class StateUtils {
if (signedDigestHash[i] != secure[secure.length-macLenght+i])
{
isMacEqual = false;
- break;
+ // MYFACES-2934 Must compare *ALL* bytes of the hash,
+ // otherwise a side-channel timing attack is theorically possible
+ // but with a very very low probability, because the
+ // comparison time is too small to be measured compared to
+ // the overall request time and in real life applications,
+ // there are too many uncertainties involved.
+ //break;
}
}
if (!isMacEqual)