authorMatt Silverlock <matt@eatsleeprepeat.net>2015-08-20 11:29:58 +0300
committerMatt Silverlock <matt@eatsleeprepeat.net>2015-08-20 11:29:58 +0300
commite95799a481bbcc3d01c2ad5178524cb8bec9f370 (patch)
treefbcfbba3666f7c26d3995216ea812a0bb0a050d3 /securecookie.go
parent2e348ac077bbe1e0f8e71f31b7c399e0fc9120f8 (diff)
parent9479394b876146d1aa3b5bebd64a16b9c1047815 (diff)
Merge pull request #33 from elithrar/subtle-len-backport
Reverts d8773d3 - backports len check for subtle.ConstantTimeCompare.
Diffstat (limited to 'securecookie.go')
-rw-r--r--securecookie.go4
1 files changed, 3 insertions, 1 deletions
diff --git a/securecookie.go b/securecookie.go
index a776889..be43e9d 100644
--- a/securecookie.go
+++ b/securecookie.go
@@ -372,7 +372,9 @@ func createMac(h hash.Hash, value []byte) []byte {
// verifyMac verifies that a message authentication code (MAC) is valid.
func verifyMac(h hash.Hash, value []byte, mac []byte) error {
mac2 := createMac(h, value)
- if subtle.ConstantTimeCompare(mac, mac2) == 1 {
+ // Check that both MACs are of equal length, as subtle.ConstantTimeCompare
+ // does not do this prior to Go 1.4.
+ if len(mac) == len(mac2) && subtle.ConstantTimeCompare(mac, mac2) == 1 {
return nil
}
return ErrMacInvalid
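Review bot: The comment above the new `len(mac) == len(mac2)` guard in verifyMac says what older `subtle.ConstantTimeCompare` omits, but not why that matters here or why short-circuiting before the constant-time compare is acceptable. I would extend it along the lines of `// MAC length is fixed by the hash and is not secret, so checking it first leaks nothing; before Go 1.4 a mac of the wrong length is not reliably rejected by ConstantTimeCompare itself.` The commit message suggests this check was dropped once already (d8773d3), so a regression test that passes a truncated mac and an empty mac and expects `ErrMacInvalid` would help keep it in place. The function's closing brace lies outside the hunk.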