bug #42637 [Security] Fixed TOCTOU in RememberMe cache token verifier

Ivan Kurnosov · Ivan Kurnosov · commit 8d622c29dd01 · 2022-03-24T14:02:22.000+13:00
diff --git a/Authentication/RememberMe/CacheTokenVerifier.php b/Authentication/RememberMe/CacheTokenVerifier.php
@@ -45,11 +45,11 @@ public function verifyToken(PersistentTokenInterface $token, string $tokenValue)
         }
 
         $cacheKey = $this->getCacheKey($token);
-        if (!$this->cache->hasItem($cacheKey)) {
+        $item = $this->cache->getItem($cacheKey);
+        if (!$item->isHit()) {
             return false;
         }
 
-        $item = $this->cache->getItem($cacheKey);
         $outdatedToken = $item->get();
 
         return hash_equals($outdatedToken, $tokenValue);

Original file line number	Diff line number	Diff line change
`@@ -45,11 +45,11 @@ public function verifyToken(PersistentTokenInterface $token, string $tokenValue)`
`45`	`45`	`}`
`46`	`46`
`47`	`47`	`$cacheKey = $this->getCacheKey($token);`
`48`		`- if (!$this->cache->hasItem($cacheKey)) {`
	`48`	`+ $item = $this->cache->getItem($cacheKey);`
	`49`	`+ if (!$item->isHit()) {`
`49`	`50`	`return false;`
`50`	`51`	`}`
`51`	`52`
`52`		`- $item = $this->cache->getItem($cacheKey);`
`53`	`53`	`$outdatedToken = $item->get();`
`54`	`54`
`55`	`55`	`return hash_equals($outdatedToken, $tokenValue);`