XiaoMo/frp
1
0
Fork 0
mirror of https://github.com/fatedier/frp.git synced 2025-07-27 07:35:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

use constant time comparison (#3452)

Browse Source
This commit is contained in:
fatedier
2023-05-29 00:27:27 +08:00
committed by GitHub
parent 756dd1ad5e
commit 4915852b9c
11 changed files with 45 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/nathole/controller.go
View File

@@ -174,7 +174,7 @@ func (c *Controller) HandleVisitor(m *msg.NatHoleVisitor, transporter transport.
if !ok {
return fmt.Errorf("xtcp server for [%s] doesn't exist", m.ProxyName)
}
if m.SignKey != util.GetAuthKey(clientCfg.sk, m.Timestamp) {
if !util.ConstantTimeEqString(m.SignKey, util.GetAuthKey(clientCfg.sk, m.Timestamp)) {
return fmt.Errorf("xtcp connection of [%s] auth failed", m.ProxyName)
}
c.sessions[sid] = session