Protect against divide-by-Watson errors. Props @bswatson
ericmann committed Nov 22, 2017
1 parent f47a8e4 commit bf268b4
Showing 2 changed files with 21 additions and 0 deletions.
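--- a/php/functions.php
+++ b/php/functions.php
@@ -111,6 +111,11 @@ function calc_totp($key, $step_count = false, $digits = 6, $hash = 'sha1', $time
 throw new \InvalidArgumentException('Invalid hash type specified!');
 }
 
+$time_step = intval($time_step);
+if ($time_step <= 0) {
+throw new \InvalidArgumentException('Time step must be greater than zero');
+}
+
 if (false === $step_count) {
 $step_count = floor(time() / $time_step);
 }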
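Review bot: The new guard coerces with `intval()` before checking, so malformed input is silently accepted instead of rejected: `'30abc'` becomes 30 and `1.9` becomes 1, and a caller bug that passes the wrong value still yields a valid-looking code for a different time window. For an authentication primitive, strict validation is safer, e.g. `$time_step = filter_var($time_step, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);` followed by `if (false === $time_step) { throw new \InvalidArgumentException('Time step must be greater than zero'); }`. There is also no upper bound, and a very large step keeps the same code valid for a correspondingly long window, so a documented maximum is worth considering. calc_totp starts and ends outside this hunk, so any validation of the other parameters is not visible here.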
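--- a/test/phpunit/CoreTest.php
+++ b/test/phpunit/CoreTest.php
@@ -86,4 +86,20 @@ public function test_invalid_hash()
 $key = new Key();
 calc_totp($key, false, 6, 'md5');
 }
+
+public function test_time_step_nonzero()
+{
+$this->expectException(\InvalidArgumentException::class);
+
+$key = new Key();
+calc_totp($key, false, 6, 'sha1', 0);
+}
+
+public function test_time_step_positive()
+{
+$this->expectException(\InvalidArgumentException::class);
+
+$key = new Key();
+calc_totp($key, false, 6, 'sha1', -30);
+}
 }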
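Review bot: Both new tests assert only the exception class, and `calc_totp` throws the same `\InvalidArgumentException` for an invalid hash (see `test_invalid_hash` just above), so they would still pass if the call failed on some other argument check instead of the time-step guard. Adding `$this->expectExceptionMessage('Time step must be greater than zero');` after each `expectException` call pins them to the new check. The tests also cover only the integers 0 and -30; since the guard runs `intval()` first, cases such as `'abc'` or `0.5` would document how coerced input is handled. The test class starts outside this hunk.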
