status-im/consul
2
0
Fork 0
mirror of https://github.com/status-im/consul.git synced 2025-01-10 13:55:55 +00:00
Code Issues Projects Releases Wiki Activity

acl: use constant time comparing to check token (#6943)

Browse Source
This commit is contained in:
Hans Hasselberg 2019-12-16 21:54:52 +01:00 committed by GitHub
parent f03153f571
commit 7d0f72c60a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
agent/token/store.go
View File

@ -2,6 +2,8 @@ package token
import ( import (
"sync" "sync"
"crypto/subtle"
) )
type TokenSource bool type TokenSource bool
@ -166,5 +168,5 @@ func (t *Store) IsAgentMasterToken(token string) bool {
t.l.RLock() t.l.RLock()
defer t.l.RUnlock() defer t.l.RUnlock()
return (token != "") && (token == t.agentMasterToken) return (token != "") && (subtle.ConstantTimeCompare([]byte(token), []byte(t.agentMasterToken)) == 1)
} }