TheArchive/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2025-04-23 17:31:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

docs/webhooks: use subtle.ConstantTimeCompare for comparing signatures

Browse Source 
Fixes #6572

Signed-off-by: Andrew Dunham <andrew@du.nham.ca>
Change-Id: I58610c46e0ea1d3a878f91d154db3da4de9cae00
This commit is contained in:
Andrew Dunham 2022-11-30 11:41:03 -05:00
parent 74744b0a4c
commit a6dff4fb74
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
docs/webhooks/example.go
View File

@ -9,6 +9,7 @@ package webhooks
import ( import (
"crypto/hmac" "crypto/hmac"
"crypto/sha256" "crypto/sha256"
"crypto/subtle"
"encoding/hex" "encoding/hex"
"encoding/json" "encoding/json"
"errors" "errors"
@ -95,7 +96,7 @@ func verifyWebhookSignature(req *http.Request, secret string) (events []event, e
// Verify that the signatures match. // Verify that the signatures match.
var match bool var match bool
for _, signature := range signatures[currentVersion] { for _, signature := range signatures[currentVersion] {
if signature == want { if subtle.ConstantTimeCompare([]byte(signature), []byte(want)) == 1 {
match = true match = true
break break
} }