wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce are incorrect, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack.
Index: trunk/src/wp-includes/compat.php
===================================================================
--- a/trunk/src/wp-includes/compat.php
+++ b/trunk/src/wp-includes/compat.php
@@ -95,2 +95,31 @@
}
}
+
+if ( ! function_exists( 'hash_equals' ) ) :
+/**
+ * Compare two strings in constant time.
+ *
+ * This function was added in PHP 5.6.
+ * It can leak the length of a string.
+ *
+ * @since 3.9.2
+ *
+ * @param string $a Expected string.
+ * @param string $b Actual string.
+ * @return bool Whether strings are equal.
+ */
+function hash_equals( $a, $b ) {
+ $a_length = strlen( $a );
+ if ( $a_length !== strlen( $b ) ) {
+ return false;
+ }
+ $result = 0;
+
+ // Do not attempt to "optimize" this.
+ for ( $i = 0; $i < $a_length; $i++ ) {
+ $result |= ord( $a[ $i ] ) ^ ord( $b[ $i ] );
+ }
+
+ return $result === 0;
+}
+endif;
wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce are incorrect, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack.
Index: trunk/src/wp-includes/pluggable.php
===================================================================
--- a/trunk/src/wp-includes/pluggable.php
+++ b/trunk/src/wp-includes/pluggable.php
@@ -672,5 +672,5 @@
$hash = hash_hmac( 'sha256', $username . '|' . $expiration . '|' . $token, $key );
- if ( hash_hmac( 'sha256', $hmac, $key ) !== hash_hmac( 'sha256', $hash, $key ) ) {
+ if ( ! hash_equals( $hash, $hmac ) ) {
/**
* Fires if a bad authentication cookie hash is encountered.
@@ -1712,10 +1712,12 @@
// Nonce generated 0-12 hours ago
- if ( $nonce === substr( wp_hash( $i . '|' . $action . '|' . $uid . '|' . $token, 'nonce'), -12, 10 ) ) {
+ $expected = substr( wp_hash( $i . '|' . $action . '|' . $uid . '|' . $token, 'nonce'), -12, 10 );
+ if ( hash_equals( $expected, $nonce ) ) {
return 1;
}
// Nonce generated 12-24 hours ago
- if ( $nonce === substr( wp_hash( ( $i - 1 ) . '|' . $action . '|' . $uid . '|' . $token, 'nonce' ), -12, 10 ) ) {
+ $expected = substr( wp_hash( ( $i - 1 ) . '|' . $action . '|' . $uid . '|' . $token, 'nonce' ), -12, 10 );
+ if ( hash_equals( $expected, $nonce ) ) {
return 2;
}