Skynet/misc_pterodactyl-panel
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fixing timing attack vuln. on HMAC comparison (#409)

Browse source
This commit is contained in:
Fillerino 2017-04-24 22:49:03 +02:00 committed by Dane Everitt
parent a35788da34
commit 5cc28a0716
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
app/Http/Middleware/HMACAuthorization.php
View file

@ -170,7 +170,7 @@ class HMACAuthorization
*/ */
protected function validateContents() protected function validateContents()
{ {
if (base64_decode($this->hash()) !== $this->generateSignature()) { if (! hash_equals(base64_decode($this->hash()), $this->generateSignature())) {
throw new BadRequestHttpException('The HMAC for the request was invalid.'); throw new BadRequestHttpException('The HMAC for the request was invalid.');
} }
} }