[Security] limited the password length passed to encoders

fabpot · fabpot · commit c6ff85e960bf · 2013-09-23T09:15:09.000+02:00
diff --git a/Encoder/BCryptPasswordEncoder.php b/Encoder/BCryptPasswordEncoder.php
@@ -64,6 +64,8 @@ public function __construct($cost)
      */
     public function encodePassword($raw, $salt)
     {
+        $this->checkPasswordLength($raw);
+
         $options = array('cost' => $this->cost);
 
         if ($salt) {
@@ -78,6 +80,8 @@ public function encodePassword($raw, $salt)
      */
     public function isPasswordValid($encoded, $raw, $salt)
     {
+        $this->checkPasswordLength($raw);
+
         return password_verify($raw, $encoded);
     }
 }
diff --git a/Encoder/BasePasswordEncoder.php b/Encoder/BasePasswordEncoder.php
@@ -12,6 +12,7 @@
 namespace Symfony\Component\Security\Core\Encoder;
 
 use Symfony\Component\Security\Core\Util\StringUtils;
+use Symfony\Component\Security\Core\Exception\BadCredentialsException;
 
 /**
  * BasePasswordEncoder is the base class for all password encoders.
@@ -20,6 +21,8 @@
  */
 abstract class BasePasswordEncoder implements PasswordEncoderInterface
 {
+    const MAX_PASSWORD_LENGTH = 4096;
+
     /**
      * Demerges a merge password and salt string.
      *
@@ -83,4 +86,11 @@ protected function comparePasswords($password1, $password2)
     {
         return StringUtils::equals($password1, $password2);
     }
+
+    protected function checkPasswordLength($password)
+    {
+        if (strlen($password) > self::MAX_PASSWORD_LENGTH) {
+            throw new BadCredentialsException('Invalid password.');
+        }
+    }
 }
diff --git a/Encoder/MessageDigestPasswordEncoder.php b/Encoder/MessageDigestPasswordEncoder.php
@@ -41,6 +41,8 @@ public function __construct($algorithm = 'sha512', $encodeHashAsBase64 = true, $
      */
     public function encodePassword($raw, $salt)
     {
+        $this->checkPasswordLength($raw);
+
         if (!in_array($this->algorithm, hash_algos(), true)) {
             throw new \LogicException(sprintf('The algorithm "%s" is not supported.', $this->algorithm));
         }
@@ -61,6 +63,8 @@ public function encodePassword($raw, $salt)
      */
     public function isPasswordValid($encoded, $raw, $salt)
     {
+        $this->checkPasswordLength($raw);
+
         return $this->comparePasswords($encoded, $this->encodePassword($raw, $salt));
     }
 }
diff --git a/Encoder/Pbkdf2PasswordEncoder.php b/Encoder/Pbkdf2PasswordEncoder.php
@@ -54,6 +54,8 @@ public function __construct($algorithm = 'sha512', $encodeHashAsBase64 = true, $
      */
     public function encodePassword($raw, $salt)
     {
+        $this->checkPasswordLength($raw);
+
         if (!in_array($this->algorithm, hash_algos(), true)) {
             throw new \LogicException(sprintf('The algorithm "%s" is not supported.', $this->algorithm));
         }
@@ -72,6 +74,8 @@ public function encodePassword($raw, $salt)
      */
     public function isPasswordValid($encoded, $raw, $salt)
     {
+        $this->checkPasswordLength($raw);
+
         return $this->comparePasswords($encoded, $this->encodePassword($raw, $salt));
     }
 
diff --git a/Encoder/PlaintextPasswordEncoder.php b/Encoder/PlaintextPasswordEncoder.php
@@ -35,6 +35,8 @@ public function __construct($ignorePasswordCase = false)
      */
     public function encodePassword($raw, $salt)
     {
+        $this->checkPasswordLength($raw);
+
         return $this->mergePasswordAndSalt($raw, $salt);
     }
 
@@ -43,6 +45,8 @@ public function encodePassword($raw, $salt)
      */
     public function isPasswordValid($encoded, $raw, $salt)
     {
+        $this->checkPasswordLength($raw);
+
         $pass2 = $this->mergePasswordAndSalt($raw, $salt);
 
         if (!$this->ignorePasswordCase) {
diff --git a/Tests/Encoder/BCryptPasswordEncoderTest.php b/Tests/Encoder/BCryptPasswordEncoderTest.php
@@ -64,6 +64,26 @@ public function testValidation()
         $this->assertFalse($encoder->isPasswordValid($result, 'anotherPassword', null));
     }
 
+    /**
+     * @expectedException \Symfony\Component\Security\Core\Exception\BadCredentialsException
+     */
+    public function testEncodePasswordLength()
+    {
+        $encoder = new BCryptPasswordEncoder(4);
+
+        $encoder->encodePassword(str_repeat('a', 5000), 'salt');
+    }
+
+    /**
+     * @expectedException \Symfony\Component\Security\Core\Exception\BadCredentialsException
+     */
+    public function testCheckPasswordLength()
+    {
+        $encoder = new BCryptPasswordEncoder(4);
+
+        $encoder->isPasswordValid('encoded', str_repeat('a', 5000), 'salt');
+    }
+
     private function skipIfPhpVersionIsNotSupported()
     {
         if (version_compare(phpversion(), '5.3.7', '<')) {
diff --git a/Tests/Encoder/MessageDigestPasswordEncoderTest.php b/Tests/Encoder/MessageDigestPasswordEncoderTest.php
@@ -42,4 +42,24 @@ public function testEncodePasswordAlgorithmDoesNotExist()
         $encoder = new MessageDigestPasswordEncoder('foobar');
         $encoder->encodePassword('password', '');
     }
+
+    /**
+     * @expectedException \Symfony\Component\Security\Core\Exception\BadCredentialsException
+     */
+    public function testEncodePasswordLength()
+    {
+        $encoder = new MessageDigestPasswordEncoder();
+
+        $encoder->encodePassword(str_repeat('a', 5000), 'salt');
+    }
+
+    /**
+     * @expectedException \Symfony\Component\Security\Core\Exception\BadCredentialsException
+     */
+    public function testCheckPasswordLength()
+    {
+        $encoder = new MessageDigestPasswordEncoder();
+
+        $encoder->isPasswordValid('encoded', str_repeat('a', 5000), 'salt');
+    }
 }
diff --git a/Tests/Encoder/Pbkdf2PasswordEncoderTest.php b/Tests/Encoder/Pbkdf2PasswordEncoderTest.php
@@ -42,4 +42,24 @@ public function testEncodePasswordAlgorithmDoesNotExist()
         $encoder = new Pbkdf2PasswordEncoder('foobar');
         $encoder->encodePassword('password', '');
     }
+
+    /**
+     * @expectedException \Symfony\Component\Security\Core\Exception\BadCredentialsException
+     */
+    public function testEncodePasswordLength()
+    {
+        $encoder = new Pbkdf2PasswordEncoder();
+
+        $encoder->encodePassword(str_repeat('a', 5000), 'salt');
+    }
+
+    /**
+     * @expectedException \Symfony\Component\Security\Core\Exception\BadCredentialsException
+     */
+    public function testCheckPasswordLength()
+    {
+        $encoder = new Pbkdf2PasswordEncoder();
+
+        $encoder->isPasswordValid('encoded', str_repeat('a', 5000), 'salt');
+    }
 }
diff --git a/Tests/Encoder/PlaintextPasswordEncoderTest.php b/Tests/Encoder/PlaintextPasswordEncoderTest.php
@@ -36,4 +36,24 @@ public function testEncodePassword()
 
         $this->assertSame('foo', $encoder->encodePassword('foo', ''));
     }
+
+    /**
+     * @expectedException \Symfony\Component\Security\Core\Exception\BadCredentialsException
+     */
+    public function testEncodePasswordLength()
+    {
+        $encoder = new PlaintextPasswordEncoder();
+
+        $encoder->encodePassword(str_repeat('a', 5000), 'salt');
+    }
+
+    /**
+     * @expectedException \Symfony\Component\Security\Core\Exception\BadCredentialsException
+     */
+    public function testCheckPasswordLength()
+    {
+        $encoder = new PlaintextPasswordEncoder();
+
+        $encoder->isPasswordValid('encoded', str_repeat('a', 5000), 'salt');
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -64,6 +64,8 @@ public function __construct($cost)`
`64`	`64`	`*/`
`65`	`65`	`public function encodePassword($raw, $salt)`
`66`	`66`	`{`
	`67`	`+ $this->checkPasswordLength($raw);`
	`68`	`+`
`67`	`69`	`$options = array('cost' => $this->cost);`
`68`	`70`
`69`	`71`	`if ($salt) {`
`@@ -78,6 +80,8 @@ public function encodePassword($raw, $salt)`
`78`	`80`	`*/`
`79`	`81`	`public function isPasswordValid($encoded, $raw, $salt)`
`80`	`82`	`{`
	`83`	`+ $this->checkPasswordLength($raw);`
	`84`	`+`
`81`	`85`	`return password_verify($raw, $encoded);`
`82`	`86`	`}`
`83`	`87`	`}`
Original file line number	Diff line number	Diff line change
`@@ -12,6 +12,7 @@`
`12`	`12`	`namespace Symfony\Component\Security\Core\Encoder;`
`13`	`13`
`14`	`14`	`use Symfony\Component\Security\Core\Util\StringUtils;`
	`15`	`+use Symfony\Component\Security\Core\Exception\BadCredentialsException;`
`15`	`16`
`16`	`17`	`/**`
`17`	`18`	`* BasePasswordEncoder is the base class for all password encoders.`
`@@ -20,6 +21,8 @@`
`20`	`21`	`*/`
`21`	`22`	`abstract class BasePasswordEncoder implements PasswordEncoderInterface`
`22`	`23`	`{`
	`24`	`+ const MAX_PASSWORD_LENGTH = 4096;`
	`25`	`+`
`23`	`26`	`/**`
`24`	`27`	`* Demerges a merge password and salt string.`
`25`	`28`	`*`
`@@ -83,4 +86,11 @@ protected function comparePasswords($password1, $password2)`
`83`	`86`	`{`
`84`	`87`	`return StringUtils::equals($password1, $password2);`
`85`	`88`	`}`
	`89`	`+`
	`90`	`+ protected function checkPasswordLength($password)`
	`91`	`+ {`
	`92`	`+ if (strlen($password) > self::MAX_PASSWORD_LENGTH) {`
	`93`	`+ throw new BadCredentialsException('Invalid password.');`
	`94`	`+ }`
	`95`	`+ }`
`86`	`96`	`}`
Original file line number	Diff line number	Diff line change
`@@ -41,6 +41,8 @@ public function __construct($algorithm = 'sha512', $encodeHashAsBase64 = true, $`
`41`	`41`	`*/`
`42`	`42`	`public function encodePassword($raw, $salt)`
`43`	`43`	`{`
	`44`	`+ $this->checkPasswordLength($raw);`
	`45`	`+`
`44`	`46`	`if (!in_array($this->algorithm, hash_algos(), true)) {`
`45`	`47`	`throw new \LogicException(sprintf('The algorithm "%s" is not supported.', $this->algorithm));`
`46`	`48`	`}`
`@@ -61,6 +63,8 @@ public function encodePassword($raw, $salt)`
`61`	`63`	`*/`
`62`	`64`	`public function isPasswordValid($encoded, $raw, $salt)`
`63`	`65`	`{`
	`66`	`+ $this->checkPasswordLength($raw);`
	`67`	`+`
`64`	`68`	`return $this->comparePasswords($encoded, $this->encodePassword($raw, $salt));`
`65`	`69`	`}`
`66`	`70`	`}`
Original file line number	Diff line number	Diff line change
`@@ -54,6 +54,8 @@ public function __construct($algorithm = 'sha512', $encodeHashAsBase64 = true, $`
`54`	`54`	`*/`
`55`	`55`	`public function encodePassword($raw, $salt)`
`56`	`56`	`{`
	`57`	`+ $this->checkPasswordLength($raw);`
	`58`	`+`
`57`	`59`	`if (!in_array($this->algorithm, hash_algos(), true)) {`
`58`	`60`	`throw new \LogicException(sprintf('The algorithm "%s" is not supported.', $this->algorithm));`
`59`	`61`	`}`
`@@ -72,6 +74,8 @@ public function encodePassword($raw, $salt)`
`72`	`74`	`*/`
`73`	`75`	`public function isPasswordValid($encoded, $raw, $salt)`
`74`	`76`	`{`
	`77`	`+ $this->checkPasswordLength($raw);`
	`78`	`+`
`75`	`79`	`return $this->comparePasswords($encoded, $this->encodePassword($raw, $salt));`
`76`	`80`	`}`
`77`	`81`
Original file line number	Diff line number	Diff line change
`@@ -35,6 +35,8 @@ public function __construct($ignorePasswordCase = false)`
`35`	`35`	`*/`
`36`	`36`	`public function encodePassword($raw, $salt)`
`37`	`37`	`{`
	`38`	`+ $this->checkPasswordLength($raw);`
	`39`	`+`
`38`	`40`	`return $this->mergePasswordAndSalt($raw, $salt);`
`39`	`41`	`}`
`40`	`42`
`@@ -43,6 +45,8 @@ public function encodePassword($raw, $salt)`
`43`	`45`	`*/`
`44`	`46`	`public function isPasswordValid($encoded, $raw, $salt)`
`45`	`47`	`{`
	`48`	`+ $this->checkPasswordLength($raw);`
	`49`	`+`
`46`	`50`	`$pass2 = $this->mergePasswordAndSalt($raw, $salt);`
`47`	`51`
`48`	`52`	`if (!$this->ignorePasswordCase) {`