tyler.durden
/
icinga2
mirror of https://github.com/Icinga/icinga2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #9332 from Icinga/bugfix/compare-cluster-tickets-in-constant-time 

Compare cluster tickets in constant time
This commit is contained in:
Julian Brost 2022-04-11 15:32:32 +02:00 committed by GitHub
parent b24a2fa2a5 b15763bd86
commit 178aaaeca9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/remote/jsonrpcconnection-pki.cpp
View File

@ -186,7 +186,7 @@ Value RequestCertificateHandler(const MessageOrigin::Ptr& origin, const Dictiona
<< "Certificate request for CN '" << cn << "': Comparing received ticket '"
<< ticket << "' with calculated ticket '" << realTicket << "'.";
if (ticket != realTicket) {
if (!Utility::ComparePasswords(ticket, realTicket)) {
Log(LogWarning, "JsonRpcConnection")
<< "Ticket '" << ticket << "' for CN '" << cn << "' is invalid.";