docs/webhooks: use subtle.ConstantTimeCompare for comparing signatures

Fixes #6572

Signed-off-by: Andrew Dunham <andrew@du.nham.ca>
Change-Id: I58610c46e0ea1d3a878f91d154db3da4de9cae00
Andrew Dunham 2022-11-30 11:41:03 -05:00
parent 74744b0a4c
commit a6dff4fb74
1 changed files with 2 additions and 1 deletions


@ -9,6 +9,7 @@ package webhooks
import (
"crypto/hmac"
"crypto/sha256"
"crypto/subtle"
"encoding/hex"
"encoding/json"
"errors"
@ -95,7 +96,7 @@ func verifyWebhookSignature(req *http.Request, secret string) (events []event, e
// Verify that the signatures match.
var match bool
for _, signature := range signatures[currentVersion] {
if signature == want {
if subtle.ConstantTimeCompare([]byte(signature), []byte(want)) == 1 {
match = true
break
}
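Review bot: The comparison on the new line could use `hmac.Equal` from the `crypto/hmac` package this file already imports, which is the purpose-built constant-time check for MACs and makes the new `crypto/subtle` import unnecessary: `if hmac.Equal([]byte(signature), []byte(want)) {`. Either form is safe here; the one remaining timing signal is that both return early when the two lengths differ, which only reveals the length of `want` — public information if `want` is a fixed-length hex-encoded HMAC, as the `encoding/hex` import suggests, but worth a comment such as `// Constant-time compare; length of the expected MAC is not secret.` The `break` on first match also means the loop's duration depends on which candidate signature matched, not on the secret, so it does not weaken the check. verifyWebhookSignature starts before this hunk and continues after it, so how `want` and `signatures` are derived is not visible here.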