mirror of
https://github.com/php/php-src.git
synced 2025-08-16 14:08:47 +02:00
If php_random_bytes_throw fails, the nonce will be uninitialized, but still sent to the server. The client nonce is intended to protect against a malicious server. See section 5.10 and 5.12 of RFC 7616 [1], and bullet point 2 below.

Tim pointed out that even though it's the MD5 of the nonce that gets sent, enumerating 31 bits is trivial. So we still have a stack information leak of 31 bits.

Furthermore, Tim found the following issues:

* The small size of cnonce might cause the server to erroneously reject a request due to a repeated (cnonce, nc) pair. As per the birthday problem 31 bits of randomness will return a duplication with 50% chance after less than 55000 requests and nc always starts counting at 1.
* The cnonce is intended to protect the client and password against a malicious server that returns a constant server nonce where the server precomputed a rainbow table between passwords and correct client response. As storage is fairly cheap, a server could precompute the client responses for (a subset of) client nonces and still have a chance of reversing the client response with the same probability as the cnonce duplication. Precomputing the rainbow table for all 2^31 cnonces increases the rainbow table size by factor 2 billion, which is infeasible. But precomputing it for 2^14 cnonces only increases the table size by factor 16k and the server would still have a 10% chance of successfully reversing a password with a single client request.

This patch fixes the issues by increasing the nonce size, and checking the return value of php_random_bytes_throw(). In the process we also get rid of the MD5 hashing of the nonce.

[1] RFC 7616: https://www.rfc-editor.org/rfc/rfc7616

Additionally:

* Fix GH-11382 add missing hash header for bin2hex
* Update NEWS

Co-authored-by: Tim Düsterhus <timwolla@php.net>
Co-authored-by: Remi Collet <remi@remirepo.net>
Co-authored-by: Pierrick Charron <pierrick@php.net>

| | | |
---|---|---|
.. | ||
tests | ||
config.m4 | ||
config.w32 | ||
CREDITS | ||
php_encoding.c | ||
php_encoding.h | ||
php_http.c | ||
php_http.h | ||
php_packet_soap.c | ||
php_packet_soap.h | ||
php_schema.c | ||
php_schema.h | ||
php_sdl.c | ||
php_sdl.h | ||
php_soap.h | ||
php_xml.c | ||
php_xml.h | ||
soap.c | ||
soap.stub.php | ||
soap_arginfo.h |