[MediaWiki-commits] [Gerrit] mediawiki/core[master]: TemplateParser: Improve cache integrity check failure scenario

Tue, 16 May 2017 15:45:12 -0700 

Legoktm has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/354065 )

Change subject: TemplateParser: Improve cache integrity check failure scenario
......................................................................

TemplateParser: Improve cache integrity check failure scenario

Previously, if the cache integrity check failed then it would emit a
warning but then continue to use the code. The integrity check could
genuinely fail if the secret key was changed, if the cache was
truncated, or other edge case scenarios.

Now TemplateParser will recompile if the cache fails the integrity
check, and then update the cache with the newly compiled version.

Bug: T163154
Change-Id: I9a6c8d528f84cfbabf402cfaf6468c162fab1f15
---
M includes/TemplateParser.php
1 file changed, 10 insertions(+), 8 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/65/354065/1

diff --git a/includes/TemplateParser.php b/includes/TemplateParser.php
index 924c347..2759ff9 100644
--- a/includes/TemplateParser.php
+++ b/includes/TemplateParser.php
@@ -102,19 +102,21 @@
                        $key = $cache->makeKey( 'template', $templateName, 
$fastHash );
                        $code = $this->forceRecompile ? null : $cache->get( 
$key );
 
+                       if ( $code ) {
+                               // Verify the integrity of the cached PHP code
+                               $keyedHash = substr( $code, 0, 64 );
+                               $code = substr( $code, 64 );
+                               if ( $keyedHash !== hash_hmac( 'sha256', $code, 
$secretKey ) ) {
+                                       // If the integrity check fails, don't 
use the cached code
+                                       // We'll update the invalid cache below
+                                       $code = null;
+                               }
+                       }
                        if ( !$code ) {
                                $code = $this->compileForEval( $fileContents, 
$filename );
 
                                // Prefix the cached code with a keyed hash (64 
hex chars) as an integrity check
                                $cache->set( $key, hash_hmac( 'sha256', $code, 
$secretKey ) . $code );
-                       } else {
-                               // Verify the integrity of the cached PHP code
-                               $keyedHash = substr( $code, 0, 64 );
-                               $code = substr( $code, 64 );
-                               if ( $keyedHash !== hash_hmac( 'sha256', $code, 
$secretKey ) ) {
-                                       // Generate a notice if integrity check 
fails
-                                       trigger_error( "Template failed 
integrity check: {$filename}" );
-                               }
                        }
                // If there is no secret key available, don't use cache
                } else {

-- 
To view, visit https://gerrit.wikimedia.org/r/354065
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I9a6c8d528f84cfbabf402cfaf6468c162fab1f15
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Legoktm <lego...@member.fsf.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to