From 12d79289d0450abb4a53c4b0f51bb919a20a1bf6 Mon Sep 17 00:00:00 2001
From: sina <sina@snix.ir>
Date: Sat, 30 Jul 2022 17:03:19 +0430
Subject: some issue

---
 ecookie.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/ecookie.go b/ecookie.go
index 23927df..41e60f7 100644
--- a/ecookie.go
+++ b/ecookie.go
@@ -3,6 +3,7 @@ package ecookie
 import (
 	"bytes"
 	"crypto/rand"
+	"crypto/subtle"
 	"encoding/hex"
 	"errors"
 	"io"
@@ -114,7 +115,8 @@ func (h *Decryptor) Decrypt(raw []byte) ([]byte, error) {
 		return nil, err
 	}
 
-	if !bytes.Equal(cl, u[:lenhashfnc]) {
+	eq := subtle.ConstantTimeCompare(cl, u[:lenhashfnc])
+	if eq != 1 {
 		return nil, ErrAUTHCOK
 	}
 
-- 
cgit v1.2.3