From 18067df94d924de0f7f86eb45f6025e5a33dd2a0 Mon Sep 17 00:00:00 2001
From: "Alexander A. Klimov"
Date: Thu, 31 Mar 2022 19:06:14 +0200
Subject: [PATCH] Compare cluster tickets in constant time

Just to be sure.
---
 lib/remote/jsonrpcconnection-pki.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/remote/jsonrpcconnection-pki.cpp b/lib/remote/jsonrpcconnection-pki.cpp
index baa115d69..a87cfa5bd 100644
--- a/lib/remote/jsonrpcconnection-pki.cpp
+++ b/lib/remote/jsonrpcconnection-pki.cpp
@@ -196,7 +196,7 @@ Value RequestCertificateHandler(const MessageOrigin::Ptr& origin, const Dictiona
 << "Certificate request for CN '" << cn << "': Comparing received ticket '" << ticket << "' with calculated ticket '" << realTicket << "'.";
- if (ticket != realTicket) {
+ if (!Utility::ComparePasswords(ticket, realTicket)) {
 Log(LogWarning, "JsonRpcConnection") << "Ticket '" << ticket << "' for CN '" << cn << "' is invalid.";
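Review bot: The context lines directly above the changed `if` still stream `realTicket` into a log message, so the expected ticket that the constant-time comparison is meant to keep from leaking is written in clear text to anyone who can read that log. The start of that `Log(...)` statement, and therefore its severity, is outside the hunk, as is the rest of `RequestCertificateHandler`, so how widely the message is emitted should be confirmed. I would drop the calculated value from the message, e.g. `<< "Certificate request for CN '" << cn << "': Comparing received ticket with calculated ticket.";`, and consider whether the warning below needs to echo the received `ticket` at all. A short comment on the new line such as `// constant-time compare: do not replace with operator!=` would also keep a later cleanup from undoing the change.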