Thijs/wiki.techinc.nl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Pbkdf2Password: Fix error handling on PHP 8

Browse source 
With PHP 8, the hash_pbkdf2 function raises a ValueError when invoked with an
unknown algorithm, as opposed to its previous behavior where it would raise an
E_WARNING and return a non-string value.

This patch updates the Pbkdf2Password class to handle this exception and
re-throw it as our PasswordError exception. It also adds a Phan stub for the
ValueError exception if it is not defined to avoid superfluous analysis errors.

Bug: T248925
Change-Id: I7e0ec4e95598af27fee8282c7e53bca5378e506a
This commit is contained in:
Máté Szabó 2020-04-07 18:08:23 +02:00
parent 68e0ff3f64
commit a80631ea0c
3 changed files with 24 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.phan/config.php
View file

@ -26,6 +26,7 @@ $cfg['file_list'] = array_merge(
class_exists( PEAR::class ) ? [] : [ '.phan/stubs/mail.php' ], class_exists( PEAR::class ) ? [] : [ '.phan/stubs/mail.php' ],
defined( 'PASSWORD_ARGON2ID' ) ? [] : [ '.phan/stubs/password.php' ], defined( 'PASSWORD_ARGON2ID' ) ? [] : [ '.phan/stubs/password.php' ],
class_exists( ExcimerProfiler::class ) ? [] : [ '.phan/stubs/excimer.php' ], class_exists( ExcimerProfiler::class ) ? [] : [ '.phan/stubs/excimer.php' ],
class_exists( ValueError::class ) ? [] : [ '.phan/stubs/ValueError.php' ],
[ [
// This makes constants and globals known to Phan before processing all other files. // This makes constants and globals known to Phan before processing all other files.
// You can check the parser order with --dump-parsed-file-list // You can check the parser order with --dump-parsed-file-list

6
.phan/stubs/ValueError.php Normal file
View file

@ -0,0 +1,6 @@
<?php
// Stub for PHP 8's ValueError exception
class ValueError extends Error {
}

27
includes/password/Pbkdf2Password.php
View file

@ -48,16 +48,23 @@ class Pbkdf2Password extends ParameterizedPassword {
$this->args[] = base64_encode( random_bytes( 16 ) ); $this->args[] = base64_encode( random_bytes( 16 ) );
} }
$hash = hash_pbkdf2( try {
$this->params['algo'], $hash = hash_pbkdf2(
$password, $this->params['algo'],
base64_decode( $this->args[0] ), $password,
(int)$this->params['rounds'], base64_decode( $this->args[0] ),
(int)$this->params['length'], (int)$this->params['rounds'],
true (int)$this->params['length'],
); true
if ( !is_string( $hash ) ) { );
throw new PasswordError( 'Error when hashing password.' );
// PHP < 8 raises a warning in case of an error, such as unknown algorithm...
if ( !is_string( $hash ) ) {
throw new PasswordError( 'Error when hashing password.' );
}
} catch ( ValueError $e ) {
// ...while PHP 8 throws ValueError
throw new PasswordError( 'Error when hashing password.', 0, $e );
} }
$this->hash = base64_encode( $hash ); $this->hash = base64_encode( $hash );