tyler.durden/gitea
1
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2025-07-21 21:05:18 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix: use subtle compare

Browse Source
This commit is contained in:
Jason Song 2022-11-04 18:31:40 +08:00
parent 0e74431229
commit 8a8214113b
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
models/bots/task.go
View File

@ -7,6 +7,7 @@ package bots
import (
"bytes"
"context"
"crypto/subtle"
"encoding/binary"
"errors"
"fmt"
@ -266,7 +267,7 @@ func GetTaskByToken(ctx context.Context, token string) (*Task, error) {
for _, t := range tasks {
tempHash := auth_model.HashToken(token, t.TokenSalt)
if t.TokenHash == tempHash {
if subtle.ConstantTimeCompare([]byte(t.TokenHash), []byte(tempHash)) == 1 {
if successfulTokenTaskCache != nil {
successfulTokenTaskCache.Add(token, t.ID)
}