diff options
author | sina <sina@snix.ir> | 2022-07-30 17:03:19 +0430 |
---|---|---|
committer | sina <sina@snix.ir> | 2022-07-30 17:03:19 +0430 |
commit | 12d79289d0450abb4a53c4b0f51bb919a20a1bf6 (patch) | |
tree | df248f3dc10dfd333f49391aa29cdb61f0514c1f | |
parent | 9e6b79cb4d819d7740239b341a28b56f84b220e5 (diff) |
-rw-r--r-- | ecookie.go | 4 |
1 files changed, 3 insertions, 1 deletions
@@ -3,6 +3,7 @@ package ecookie import ( "bytes" "crypto/rand" + "crypto/subtle" "encoding/hex" "errors" "io" @@ -114,7 +115,8 @@ func (h *Decryptor) Decrypt(raw []byte) ([]byte, error) { return nil, err } - if !bytes.Equal(cl, u[:lenhashfnc]) { + eq := subtle.ConstantTimeCompare(cl, u[:lenhashfnc]) + if eq != 1 { return nil, ErrAUTHCOK } |