8000 bug #42637 [Security] Fixed TOCTOU in RememberMe cache token verifier · symfony/symfony@2b8bee5 · GitHub


Commit 2b8bee5

author
Ivan Kurnosov
committed
bug #42637 [Security] Fixed TOCTOU in RememberMe cache token verifier
1 parent 326944d commit 2b8bee5


1 file changed

+4
-4
lines changed

1 file changed

+4
-4
lines changed

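--- a/src/Symfony/Component/Security/Core/Authentication/RememberMe/CacheTokenVerifier.php
+++ b/src/Symfony/Component/Security/Core/Authentication/RememberMe/CacheTokenVerifier.php
@@ -45,12 +45,12 @@ public function verifyToken(PersistentTokenInterface $token, string $tokenValue)
 }
 
 $cacheKey = $this->getCacheKey($token);
-if (!$this->cache->hasItem($cacheKey)) {
-return false;
-}
-
 $item = $this->cache->getItem($cacheKey);
+
 $outdatedToken = $item->get();
+if (!\is_string($outdatedToken)) {
+return false;
+}
 
 return hash_equals($outdatedToken, $tokenValue);
 }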
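Review bot: The single-fetch sequence in verifyToken() carries no comment explaining why the earlier `hasItem()` guard is gone, so a later cleanup could reintroduce the check-then-fetch race this commit fixes. I would add above `$item = $this->cache->getItem($cacheKey);` a comment such as `// Fetch once and type-check the value: a separate hasItem() call can race with expiry or eviction.` The `\is_string()` guard is what keeps a cache miss or a non-string cached value out of `hash_equals()`, and the comment should say it covers both cases. The argument order to `hash_equals()` (cached value first, presented value second) looks right. verifyToken() begins above the hunk, so its earlier branch is not visible here.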
