pimhwang
/
owncast
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

Use subtle.ConstantTimeCompare instead of simple string compare. Closes #2489

pull/2478/head
Gabe Kangas 3 years ago
parent
3894f410d2
commit
cd874cda93
No known key found for this signature in database
GPG Key ID: 4345B2060657F330
1 changed files with 4 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 5
      core/rtmp/utils.go

5
core/rtmp/utils.go
Unescape View File

@ -1,6 +1,7 @@
package rtmp package rtmp
import ( import (
"crypto/subtle"
"encoding/json" "encoding/json"
"errors" "errors"
"fmt" "fmt"
@ -89,5 +90,7 @@ func secretMatch(configStreamKey string, path string) bool {
} }
streamingKey := path[len(prefix):] // Remove $prefix streamingKey := path[len(prefix):] // Remove $prefix
return streamingKey == configStreamKey
matches := subtle.ConstantTimeCompare([]byte(streamingKey), []byte(configStreamKey)) == 1
return matches
} }

Write Preview
Loading…
Cancel
Save