author | Matt Silverlock <matt@eatsleeprepeat.net> | 2015-08-20 11:26:03 +0300 |
---|---|---|
committer | Matt Silverlock <matt@eatsleeprepeat.net> | 2015-08-20 11:26:03 +0300 |
commit | 9479394b876146d1aa3b5bebd64a16b9c1047815 (patch) | |
tree | fbcfbba3666f7c26d3995216ea812a0bb0a050d3 /securecookie.go | |
parent | 2e348ac077bbe1e0f8e71f31b7c399e0fc9120f8 (diff) |
Reverts d8773d3 - backports len check for subtle.ConstantTimeCompare.
Diffstat (limited to 'securecookie.go')
-rw-r--r-- | securecookie.go | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/securecookie.go b/securecookie.go
index a776889..be43e9d 100644
--- a/securecookie.go
+++ b/securecookie.go
@@ -372,7 +372,9 @@ func createMac(h hash.Hash, value []byte) []byte {
 // verifyMac verifies that a message authentication code (MAC) is valid.
 func verifyMac(h hash.Hash, value []byte, mac []byte) error {
 mac2 := createMac(h, value)
- if subtle.ConstantTimeCompare(mac, mac2) == 1 {
+ // Check that both MACs are of equal length, as subtle.ConstantTimeCompare
+ // does not do this prior to Go 1.4.
+ if len(mac) == len(mac2) && subtle.ConstantTimeCompare(mac, mac2) == 1 {
 return nil
 }
 return ErrMacInvalid |
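Review bot: The new comment on the length guard in verifyMac names the Go version but not the consequence, so a later cleanup could drop the check as redundant; I would spell it out, e.g. `// Before Go 1.4 ConstantTimeCompare only iterates over len(x) bytes, so a truncated mac could compare equal without this guard.` The short-circuit on `len(mac) == len(mac2)` is acceptable for timing because the MAC length is fixed by the hash and is not secret, which is worth stating in the same comment. If crypto/hmac is already imported in this file and the minimum supported Go version is at least 1.1 (neither is visible here), `if hmac.Equal(mac, mac2) {` expresses the same length-plus-constant-time check in one call. A regression test that passes an empty and a shortened mac and expects ErrMacInvalid would pin the behaviour; the diffstat is limited to securecookie.go, so I cannot tell whether one was added. verifyMac's closing brace lies outside the hunk.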