From a0cb5db3a8ac1150f9fa838916379a7565b9ca1b Mon Sep 17 00:00:00 2001 From: Leon Date: Fri, 11 Feb 2022 21:39:37 +0800 Subject: [PATCH] fix md5 0e bypass vulnerability --- upload/api/db/dbbak.php | 2 +- upload/install/include/install_function.php | 2 +- upload/source/function/function_core.php | 2 +- upload/uc_client/client.php | 2 +- upload/uc_server/api/dbbak.php | 2 +- upload/uc_server/install/func.inc.php | 2 +- upload/uc_server/model/base.php | 2 +- upload/uc_server/upgrade/upgrade2.php | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/upload/api/db/dbbak.php b/upload/api/db/dbbak.php index 41ac9d3d6..dbd0465a8 100644 --- a/upload/api/db/dbbak.php +++ b/upload/api/db/dbbak.php @@ -897,7 +897,7 @@ function _authcode($string, $operation = 'DECODE', $key = '', $expiry = 0) { } if($operation == 'DECODE') { - if((substr($result, 0, 10) == 0 || substr($result, 0, 10) - time() > 0) && substr($result, 10, 16) == substr(md5(substr($result, 26).$keyb), 0, 16)) { + if((substr($result, 0, 10) == 0 || substr($result, 0, 10) - time() > 0) && substr($result, 10, 16) === substr(md5(substr($result, 26).$keyb), 0, 16)) { return substr($result, 26); } else { return ''; diff --git a/upload/install/include/install_function.php b/upload/install/include/install_function.php index 67c9ab9e4..b9cabde27 100644 --- a/upload/install/include/install_function.php +++ b/upload/install/include/install_function.php @@ -787,7 +787,7 @@ function authcode($string, $operation = 'DECODE', $key = '', $expiry = 0) { } if($operation == 'DECODE') { - if((substr($result, 0, 10) == 0 || substr($result, 0, 10) - time() > 0) && substr($result, 10, 16) == substr(md5(substr($result, 26).$keyb), 0, 16)) { + if((substr($result, 0, 10) == 0 || substr($result, 0, 10) - time() > 0) && substr($result, 10, 16) === substr(md5(substr($result, 26).$keyb), 0, 16)) { return substr($result, 26); } else { return ''; diff --git a/upload/source/function/function_core.php b/upload/source/function/function_core.php index f0afd2bef..d9b393508 100644 --- a/upload/source/function/function_core.php +++ b/upload/source/function/function_core.php @@ -173,7 +173,7 @@ function authcode($string, $operation = 'DECODE', $key = '', $expiry = 0) { } if($operation == 'DECODE') { - if((substr($result, 0, 10) == 0 || substr($result, 0, 10) - time() > 0) && substr($result, 10, 16) == substr(md5(substr($result, 26).$keyb), 0, 16)) { + if((substr($result, 0, 10) == 0 || substr($result, 0, 10) - time() > 0) && substr($result, 10, 16) === substr(md5(substr($result, 26).$keyb), 0, 16)) { return substr($result, 26); } else { return ''; diff --git a/upload/uc_client/client.php b/upload/uc_client/client.php index 87d09e734..2d536ed4e 100644 --- a/upload/uc_client/client.php +++ b/upload/uc_client/client.php @@ -203,7 +203,7 @@ function uc_authcode($string, $operation = 'DECODE', $key = '', $expiry = 0) { } if($operation == 'DECODE') { - if((substr($result, 0, 10) == 0 || substr($result, 0, 10) - time() > 0) && substr($result, 10, 16) == substr(md5(substr($result, 26).$keyb), 0, 16)) { + if((substr($result, 0, 10) == 0 || substr($result, 0, 10) - time() > 0) && substr($result, 10, 16) === substr(md5(substr($result, 26).$keyb), 0, 16)) { return substr($result, 26); } else { return ''; diff --git a/upload/uc_server/api/dbbak.php b/upload/uc_server/api/dbbak.php index f83448a87..39d1c1a1c 100644 --- a/upload/uc_server/api/dbbak.php +++ b/upload/uc_server/api/dbbak.php @@ -893,7 +893,7 @@ function _authcode($string, $operation = 'DECODE', $key = '', $expiry = 0) { } if($operation == 'DECODE') { - if((substr($result, 0, 10) == 0 || substr($result, 0, 10) - time() > 0) && substr($result, 10, 16) == substr(md5(substr($result, 26).$keyb), 0, 16)) { + if((substr($result, 0, 10) == 0 || substr($result, 0, 10) - time() > 0) && substr($result, 10, 16) === substr(md5(substr($result, 26).$keyb), 0, 16)) { return substr($result, 26); } else { return ''; diff --git a/upload/uc_server/install/func.inc.php b/upload/uc_server/install/func.inc.php index 816a74476..1114b0cf8 100644 --- a/upload/uc_server/install/func.inc.php +++ b/upload/uc_server/install/func.inc.php @@ -621,7 +621,7 @@ function authcode($string, $operation = 'DECODE', $key = '', $expiry = 0) { } if($operation == 'DECODE') { - if((substr($result, 0, 10) == 0 || substr($result, 0, 10) - time() > 0) && substr($result, 10, 16) == substr(md5(substr($result, 26).$keyb), 0, 16)) { + if((substr($result, 0, 10) == 0 || substr($result, 0, 10) - time() > 0) && substr($result, 10, 16) === substr(md5(substr($result, 26).$keyb), 0, 16)) { return substr($result, 26); } else { return ''; diff --git a/upload/uc_server/model/base.php b/upload/uc_server/model/base.php index 831f574b0..0391c8a97 100644 --- a/upload/uc_server/model/base.php +++ b/upload/uc_server/model/base.php @@ -182,7 +182,7 @@ class base { } if($operation == 'DECODE') { - if((substr($result, 0, 10) == 0 || substr($result, 0, 10) - time() > 0) && substr($result, 10, 16) == substr(md5(substr($result, 26).$keyb), 0, 16)) { + if((substr($result, 0, 10) == 0 || substr($result, 0, 10) - time() > 0) && substr($result, 10, 16) === substr(md5(substr($result, 26).$keyb), 0, 16)) { return substr($result, 26); } else { return ''; diff --git a/upload/uc_server/upgrade/upgrade2.php b/upload/uc_server/upgrade/upgrade2.php index 360efe6d2..e6c3180d6 100644 --- a/upload/uc_server/upgrade/upgrade2.php +++ b/upload/uc_server/upgrade/upgrade2.php @@ -585,7 +585,7 @@ function authcode($string, $operation = 'DECODE', $key = '', $expiry = 0) { } if($operation == 'DECODE') { - if((substr($result, 0, 10) == 0 || substr($result, 0, 10) - time() > 0) && substr($result, 10, 16) == substr(md5(substr($result, 26).$keyb), 0, 16)) { + if((substr($result, 0, 10) == 0 || substr($result, 0, 10) - time() > 0) && substr($result, 10, 16) === substr(md5(substr($result, 26).$keyb), 0, 16)) { return substr($result, 26); } else { return ''; -- Gitee