From 4bc629658e7b7d17c9ac3fe0da7dc5df71f1b85e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaime=20Pe=CC=81rez=20Crespo?= <jaime.perez@uninett.no>
Date: Fri, 5 May 2017 10:33:53 +0200
Subject: [PATCH] bugfix: SimpleSAML\Utils\Crypto returns true for different
 strings using PHP < 5.6.

The reason was the lack of conversion to integer for each character of the strings before applying the XOR operator to them. The operator always returns an empty string when applied to two characters, and applying a bitwise OR between 0 and an empty string yields 0. Therefore, $diff is always 0, and the function returns true for any two strings of the same length, regardless of their contents.
---
 lib/SimpleSAML/Utils/Crypto.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/SimpleSAML/Utils/Crypto.php b/lib/SimpleSAML/Utils/Crypto.php
index e9e229565..c7d16921a 100644
--- a/lib/SimpleSAML/Utils/Crypto.php
+++ b/lib/SimpleSAML/Utils/Crypto.php
@@ -404,8 +404,8 @@ class Crypto
             return false; // length differs
         }
         $diff = 0;
-        for ($i = 0; $i < $len; ++$i) {
-            $diff |= $known[$i] ^ $user[$i];
+        for ($i = 0; $i < $len; $i++) {
+            $diff |= ord($known[$i]) ^ ord($user[$i]);
         }
         // if all the bytes in $a and $b are identical, $diff should be equal to 0
         return $diff === 0;
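Review bot: The corrected loop body is now a proper constant-time byte comparison, but a secret-comparison routine that silently accepted any two equal-length strings should land with a regression test in the same commit — a pair such as `'aaaa'` vs `'bbbb'` must return false and `'abcd'` vs `'abcd'` true, otherwise the same class of regression can return unnoticed. The comment after the loop still speaks of `$a` and `$b` while the variables are `$known` and `$user`; suggest `// $diff stays 0 only if every byte of $known matched the corresponding byte of $user`. The subject says this path is for PHP < 5.6, so presumably the method dispatches to `hash_equals()` when it exists — worth confirming, and worth stating in the docblock that the early `return false` on a length mismatch deliberately leaks only the length (as `hash_equals()` itself does). The enclosing method's signature and the computation of `$len` are above the hunk.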
-- 
GitLab