Fix a potentially lax hash comparison
Summary: Via HackerOne. See D14025. I missed this comparison when making the original change. Test Plan: - Used `cat mail.txt | scripts/mail/mail_handler.php --process-duplicates` to pipe mail in a whole lot of times. - Tried bad hashes, saw rejections. - Tried good hash, saw mail accepted. Reviewers: chad Reviewed By: chad Differential Revision: https://secure.phabricator.com/D14455
parent
64ad44cffb
commit
b3d3130b71
1 changed files with 1 additions and 1 deletions
|
@ -126,7 +126,7 @@ abstract class PhabricatorObjectMailReceiver extends PhabricatorMailReceiver {
|
|||
|
||||
$expect_hash = self::computeMailHash($object->getMailKey(), $check_phid);
|
||||
|
||||
if ($expect_hash != $parts['hash']) {
|
||||
if (!phutil_hashes_are_identical($expect_hash, $parts['hash'])) {
|
||||
throw new PhabricatorMetaMTAReceivedMailProcessingException(
|
||||
MetaMTAReceivedMailStatus::STATUS_HASH_MISMATCH,
|
||||
pht(
|
||||
|
|
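Review bot: The new `phutil_hashes_are_identical()` check has no comment saying why an ordinary comparison is unsafe at this point, so a later cleanup could reintroduce `!=` or `!==` without anyone noticing. I would put this above the `if`: `// Compare as strings in constant time; a loose != compares numeric-looking hashes by value and leaks timing.` As far as I recall the helper raises a generic exception when either argument is not a string, so it is worth confirming in the parsing code outside this hunk that `$parts['hash']` is always a string here; otherwise a malformed address would surface as an unexpected error instead of `STATUS_HASH_MISMATCH`. The test plan is manual, and since the summary says this site was missed in the earlier change, a unit test that feeds a wrong hash and expects the mismatch status would guard against a regression. The enclosing method starts and ends outside the hunk.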