From b15763bd86bf6e457594750853ae9ad2640f9d28 Mon Sep 17 00:00:00 2001
From: "Alexander A. Klimov"
Date: Thu, 31 Mar 2022 19:06:14 +0200
Subject: [PATCH] Compare cluster tickets in constant time

Just to be sure.
---
 lib/remote/jsonrpcconnection-pki.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/remote/jsonrpcconnection-pki.cpp b/lib/remote/jsonrpcconnection-pki.cpp
index d955becb5..8cb116eda 100644
--- a/lib/remote/jsonrpcconnection-pki.cpp
+++ b/lib/remote/jsonrpcconnection-pki.cpp
@@ -197,7 +197,7 @@ Value RequestCertificateHandler(const MessageOrigin::Ptr& origin, const Dictiona
 << "Certificate request for CN '" << cn << "': Comparing received ticket '" << ticket << "' with calculated ticket '" << realTicket << "'.";
- if (ticket != realTicket) {
+ if (!Utility::ComparePasswords(ticket, realTicket)) {
 Log(LogWarning, "JsonRpcConnection") << "Ticket '" << ticket << "' for CN '" << cn << "' is invalid.";
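Review bot: The log statement directly above the changed comparison still writes the calculated `realTicket` into the log, which hands the valid ticket for that CN to anyone who can read the log and is a larger exposure than the timing channel closed here. I would drop the secret from the message, e.g. `<< "Certificate request for CN '" << cn << "': Comparing received ticket with calculated ticket.";`, and consider not echoing the submitted `ticket` in the warning below either. RequestCertificateHandler's body starts and ends outside the hunk, so the severity of that first Log call cannot be confirmed from here. `Utility::ComparePasswords` is defined elsewhere; it is worth confirming it does not return early on a length mismatch, and a short comment such as `// constant-time compare: the ticket is a secret` would record why `!=` is not used.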