From e2bceaefe6b4723230fd33a30e11c1c927712998 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Sat, 18 Jul 2015 10:05:34 -0400
Subject: [PATCH] Support more secure hashing algorithms for auth cookie - configurable by PHP's session.hash_function (#1490403)

---
 program/lib/Roundcube/rcube_session.php |   57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++---
 1 files changed, 54 insertions(+), 3 deletions(-)

diff --git a/program/lib/Roundcube/rcube_session.php b/program/lib/Roundcube/rcube_session.php
index 2d26ad6..86316f9 100644
--- a/program/lib/Roundcube/rcube_session.php
+++ b/program/lib/Roundcube/rcube_session.php
@@ -628,15 +628,66 @@
     }
 
     /**
-     * Create session cookie from session data
+     * Create session cookie from session data.
+     * The cookie will be hashed using a method defined by session.hash_function.
      *
      * @param int Time slot to use
+     *
      * @return string
      */
-    function _mkcookie($timeslot)
+    protected function _mkcookie($timeslot)
     {
         $auth_string = "$this->key,$this->secret,$timeslot";
-        return "S" . (function_exists('sha1') ? sha1($auth_string) : md5($auth_string));
+        $hash_method = (string) ini_get('session.hash_function');
+        $hash_nbits  = (int) ini_get('session.hash_bits_per_character');
+
+        if (!$hash_method) {
+            $hash_method = 'md5';
+        }
+        else if ($hash_method === '1') {
+            $hash_method = 'sha1';
+        }
+
+        if ($hash_nbits < 4 || $hash_nbits > 6) {
+            $hash_nbits = 4;
+        }
+
+        // Hash the authentication string
+        $hash = openssl_digest($auth_string, $hash_method, true);
+
+        // Above method returns "hexits". To be really compatible
+        // with session hashes generated by PHP core we'll get
+        // a raw (binary) hash and convert it to a readable form
+        // as in bin_to_readable() function in ext/session/session.c.
+        $hextab = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ,-";
+        $length = strlen($hash);
+        $result = '';
+        $char   = 0;
+        $i      = 0;
+        $have   = 0;
+        $mask   = (1 << $hash_nbits) - 1;
+
+        while (true) {
+            if ($have < $hash_nbits) {
+                if ($i < $length) {
+                    $char |= ord($hash[$i++]) << $have;
+                    $have += 8;
+                }
+                else if (!$have) {
+                    break;
+                }
+                else {
+                    $have = $hash_nbits;
+                }
+            }
+
+            // consume nbits
+            $result .= $hextab[$char & $mask];
+            $char >>= $hash_nbits;
+            $have -= $hash_nbits;
+        }
+
+        return $result;
     }
 
     /**

--
Gitblit v1.9.1