[Security] limited the password length passed to encoders

fabpot · fabpot · commit 8735ba94d675 · 2013-10-10T10:07:35.000+02:00
diff --git a/src/Symfony/Component/Security/Core/Encoder/BasePasswordEncoder.php b/src/Symfony/Component/Security/Core/Encoder/BasePasswordEncoder.php
@@ -18,6 +18,8 @@
  */
 abstract class BasePasswordEncoder implements PasswordEncoderInterface
 {
+    const MAX_PASSWORD_LENGTH = 4096;
+
     /**
      * Demerges a merge password and salt string.
      *
@@ -88,4 +90,14 @@ protected function comparePasswords($password1, $password2)
 
         return 0 === $result;
     }
+
+    /**
+     * Checks if the password is too long.
+     *
+     * @return Boolean true if the password is too long, false otherwise
+     */
+    protected function isPasswordTooLong($password)
+    {
+        return strlen($password) > self::MAX_PASSWORD_LENGTH;
+    }
 }
diff --git a/src/Symfony/Component/Security/Core/Encoder/MessageDigestPasswordEncoder.php b/src/Symfony/Component/Security/Core/Encoder/MessageDigestPasswordEncoder.php
@@ -11,6 +11,8 @@
 
 namespace Symfony\Component\Security\Core\Encoder;
 
+use Symfony\Component\Security\Core\Exception\BadCredentialsException;
+
 /**
  * MessageDigestPasswordEncoder uses a message digest algorithm.
  *
@@ -41,6 +43,10 @@ public function __construct($algorithm = 'sha512', $encodeHashAsBase64 = true, $
      */
     public function encodePassword($raw, $salt)
     {
+        if ($this->isPasswordTooLong($raw)) {
+            throw new BadCredentialsException('Invalid password.');
+        }
+
         if (!in_array($this->algorithm, hash_algos(), true)) {
             throw new \LogicException(sprintf('The algorithm "%s" is not supported.', $this->algorithm));
         }
@@ -61,6 +67,6 @@ public function encodePassword($raw, $salt)
      */
     public function isPasswordValid($encoded, $raw, $salt)
     {
-        return $this->comparePasswords($encoded, $this->encodePassword($raw, $salt));
+        return !$this->isPasswordTooLong($raw) && $this->comparePasswords($encoded, $this->encodePassword($raw, $salt));
     }
 }
diff --git a/src/Symfony/Component/Security/Core/Encoder/PlaintextPasswordEncoder.php b/src/Symfony/Component/Security/Core/Encoder/PlaintextPasswordEncoder.php
@@ -11,6 +11,8 @@
 
 namespace Symfony\Component\Security\Core\Encoder;
 
+use Symfony\Component\Security\Core\Exception\BadCredentialsException;
+
 /**
  * PlaintextPasswordEncoder does not do any encoding.
  *
@@ -35,6 +37,10 @@ public function __construct($ignorePasswordCase = false)
      */
     public function encodePassword($raw, $salt)
     {
+        if ($this->isPasswordTooLong($raw)) {
+            throw new BadCredentialsException('Invalid password.');
+        }
+
         return $this->mergePasswordAndSalt($raw, $salt);
     }
 
@@ -43,6 +49,10 @@ public function encodePassword($raw, $salt)
      */
     public function isPasswordValid($encoded, $raw, $salt)
     {
+        if ($this->isPasswordTooLong($raw)) {
+            return false;
+        }
+
         $pass2 = $this->mergePasswordAndSalt($raw, $salt);
 
         if (!$this->ignorePasswordCase) {
diff --git a/src/Symfony/Component/Security/Tests/Core/Encoder/BasePasswordEncoderTest.php b/src/Symfony/Component/Security/Tests/Core/Encoder/BasePasswordEncoderTest.php
@@ -53,6 +53,12 @@ public function testMergePasswordAndSaltWithException()
         $this->invokeMergePasswordAndSalt('password', '{foo}');
     }
 
+    public function testIsPasswordTooLong()
+    {
+        $this->assertTrue($this->invokeIsPasswordTooLong(str_repeat('a', 10000)));
+        $this->assertFalse($this->invokeIsPasswordTooLong(str_repeat('a', 10)));
+    }
+
     protected function invokeDemergePasswordAndSalt($password)
     {
         $encoder = new PasswordEncoder();
@@ -82,4 +88,14 @@ protected function invokeComparePasswords($p1, $p2)
 
         return $m->invoke($encoder, $p1, $p2);
     }
+
+    protected function invokeIsPasswordTooLong($p)
+    {
+        $encoder = new PasswordEncoder();
+        $r = new \ReflectionObject($encoder);
+        $m = $r->getMethod('isPasswordTooLong');
+        $m->setAccessible(true);
+
+        return $m->invoke($encoder, $p);
+    }
 }
diff --git a/src/Symfony/Component/Security/Tests/Core/Encoder/MessageDigestPasswordEncoderTest.php b/src/Symfony/Component/Security/Tests/Core/Encoder/MessageDigestPasswordEncoderTest.php
@@ -42,4 +42,21 @@ public function testEncodePasswordAlgorithmDoesNotExist()
         $encoder = new MessageDigestPasswordEncoder('foobar');
         $encoder->encodePassword('password', '');
     }
+
+    /**
+     * @expectedException \Symfony\Component\Security\Core\Exception\BadCredentialsException
+     */
+    public function testEncodePasswordLength()
+    {
+        $encoder = new MessageDigestPasswordEncoder();
+
+        $encoder->encodePassword(str_repeat('a', 5000), 'salt');
+    }
+
+    public function testCheckPasswordLength()
+    {
+        $encoder = new MessageDigestPasswordEncoder();
+
+        $this->assertFalse($encoder->isPasswordValid('encoded', str_repeat('a', 5000), 'salt'));
+    }
 }
diff --git a/src/Symfony/Component/Security/Tests/Core/Encoder/PlaintextPasswordEncoderTest.php b/src/Symfony/Component/Security/Tests/Core/Encoder/PlaintextPasswordEncoderTest.php
@@ -36,4 +36,21 @@ public function testEncodePassword()
 
         $this->assertSame('foo', $encoder->encodePassword('foo', ''));
     }
+
+    /**
+     * @expectedException \Symfony\Component\Security\Core\Exception\BadCredentialsException
+     */
+    public function testEncodePasswordLength()
+    {
+        $encoder = new PlaintextPasswordEncoder();
+
+        $encoder->encodePassword(str_repeat('a', 5000), 'salt');
+    }
+
+    public function testCheckPasswordLength()
+    {
+        $encoder = new PlaintextPasswordEncoder();
+
+        $this->assertFalse($encoder->isPasswordValid('encoded', str_repeat('a', 5000), 'salt'));
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -18,6 +18,8 @@`
`18`	`18`	`*/`
`19`	`19`	`abstract class BasePasswordEncoder implements PasswordEncoderInterface`
`20`	`20`	`{`
	`21`	`+ const MAX_PASSWORD_LENGTH = 4096;`
	`22`	`+`
`21`	`23`	`/**`
`22`	`24`	`* Demerges a merge password and salt string.`
`23`	`25`	`*`
`@@ -88,4 +90,14 @@ protected function comparePasswords($password1, $password2)`
`88`	`90`
`89`	`91`	`return 0 === $result;`
`90`	`92`	`}`
	`93`	`+`
	`94`	`+ /**`
	`95`	`+ * Checks if the password is too long.`
	`96`	`+ *`
	`97`	`+ * @return Boolean true if the password is too long, false otherwise`
	`98`	`+ */`
	`99`	`+ protected function isPasswordTooLong($password)`
	`100`	`+ {`
	`101`	`+ return strlen($password) > self::MAX_PASSWORD_LENGTH;`
	`102`	`+ }`
`91`	`103`	`}`
Original file line number	Diff line number	Diff line change
`@@ -11,6 +11,8 @@`
`11`	`11`
`12`	`12`	`namespace Symfony\Component\Security\Core\Encoder;`
`13`	`13`
	`14`	`+use Symfony\Component\Security\Core\Exception\BadCredentialsException;`
	`15`	`+`
`14`	`16`	`/**`
`15`	`17`	`* MessageDigestPasswordEncoder uses a message digest algorithm.`
`16`	`18`	`*`
`@@ -41,6 +43,10 @@ public function __construct($algorithm = 'sha512', $encodeHashAsBase64 = true, $`
`41`	`43`	`*/`
`42`	`44`	`public function encodePassword($raw, $salt)`
`43`	`45`	`{`
	`46`	`+ if ($this->isPasswordTooLong($raw)) {`
	`47`	`+ throw new BadCredentialsException('Invalid password.');`
	`48`	`+ }`
	`49`	`+`
`44`	`50`	`if (!in_array($this->algorithm, hash_algos(), true)) {`
`45`	`51`	`throw new \LogicException(sprintf('The algorithm "%s" is not supported.', $this->algorithm));`
`46`	`52`	`}`
`@@ -61,6 +67,6 @@ public function encodePassword($raw, $salt)`
`61`	`67`	`*/`
`62`	`68`	`public function isPasswordValid($encoded, $raw, $salt)`
`63`	`69`	`{`
`64`		`- return $this->comparePasswords($encoded, $this->encodePassword($raw, $salt));`
	`70`	`+ return !$this->isPasswordTooLong($raw) && $this->comparePasswords($encoded, $this->encodePassword($raw, $salt));`
`65`	`71`	`}`
`66`	`72`	`}`