From 9d7f2719bb5e120d87fb51ac093534474d279cc4 Mon Sep 17 00:00:00 2001
From: Patrick O'Doherty <patrick@tailscale.com>
Date: Thu, 6 Mar 2025 08:52:35 -0800
Subject: [PATCH] cmd/tsidp: use constant time comparison for client_id/secret
 (#15222)

Use secure constant time comparisons for the client ID and secret values
during the allowRelyingParty authorization check.

Updates #cleanup

Signed-off-by: Patrick O'Doherty <patrick@tailscale.com>
---
 cmd/tsidp/tsidp.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/cmd/tsidp/tsidp.go b/cmd/tsidp/tsidp.go
index 3eabef245..96fac58fd 100644
--- a/cmd/tsidp/tsidp.go
+++ b/cmd/tsidp/tsidp.go
@@ -11,6 +11,7 @@ import (
 	"context"
 	crand "crypto/rand"
 	"crypto/rsa"
+	"crypto/subtle"
 	"crypto/tls"
 	"crypto/x509"
 	"encoding/base64"
@@ -345,7 +346,9 @@ func (ar *authRequest) allowRelyingParty(r *http.Request, lc *local.Client) erro
 			clientID = r.FormValue("client_id")
 			clientSecret = r.FormValue("client_secret")
 		}
-		if ar.funnelRP.ID != clientID || ar.funnelRP.Secret != clientSecret {
+		clientIDcmp := subtle.ConstantTimeCompare([]byte(clientID), []byte(ar.funnelRP.ID))
+		clientSecretcmp := subtle.ConstantTimeCompare([]byte(clientSecret), []byte(ar.funnelRP.Secret))
+		if clientIDcmp != 1 || clientSecretcmp != 1 {
 			return fmt.Errorf("tsidp: invalid client credentials")
 		}
 		return nil