mirror of
https://github.com/onionshare/onionshare.git
synced 2025-01-11 04:02:40 -03:00
Merge branch 'delirious-lettuce-hmac_compare_digest'
This commit is contained in:
commit
b5fe8b7519
2 changed files with 2 additions and 22 deletions
|
@ -114,26 +114,6 @@ def get_version():
|
|||
return version
|
||||
|
||||
|
||||
def constant_time_compare(val1, val2):
|
||||
"""
|
||||
Returns True if the two strings are equal, False otherwise.
|
||||
|
||||
The time taken is independent of the number of characters that match.
|
||||
|
||||
For the sake of simplicity, this function executes in constant time only
|
||||
when the two strings have the same length. It short-circuits when they
|
||||
have different lengths.
|
||||
|
||||
From: http://www.levigross.com/2014/02/07/constant-time-comparison-functions-in...-python-haskell-clojure-and-java/
|
||||
"""
|
||||
if len(val1) != len(val2):
|
||||
return False
|
||||
result = 0
|
||||
for x, y in zip(val1, val2):
|
||||
result |= x ^ y
|
||||
return result == 0
|
||||
|
||||
|
||||
def random_string(num_bytes, output_len=None):
|
||||
"""
|
||||
Returns a random string with a specified number of bytes.
|
||||
|
|
|
@ -18,7 +18,7 @@ You should have received a copy of the GNU General Public License
|
|||
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
"""
|
||||
from distutils.version import StrictVersion as Version
|
||||
import queue, mimetypes, platform, os, sys, socket, logging
|
||||
import queue, mimetypes, platform, os, sys, socket, logging, hmac
|
||||
from urllib.request import urlopen
|
||||
|
||||
from flask import Flask, Response, request, render_template_string, abort, make_response
|
||||
|
@ -162,7 +162,7 @@ def check_slug_candidate(slug_candidate, slug_compare = None):
|
|||
global slug
|
||||
if not slug_compare:
|
||||
slug_compare = slug
|
||||
if not common.constant_time_compare(slug_compare.encode('ascii'), slug_candidate.encode('ascii')):
|
||||
if not hmac.compare_digest(slug_compare, slug_candidate):
|
||||
abort(404)
|
||||
|
||||
|
||||
|
|
Loading…
Reference in a new issue