exchange

Base system with REST service to issue digital coins, run by the payment service provider
Log | Files | Refs | Submodules | README | LICENSE

commit e22fe3f40520994287c2f49efac02957e6473277
parent 694a8c5cb640ac79b49f391be12dcdf7e687d6c4
Author: Christian Grothoff <grothoff@gnunet.org>
Date:   Wed, 15 Jul 2026 23:18:41 +0200

use constant-time compare of token

Diffstat:
Msrc/kyclogic/plugin_kyclogic_persona.c | 30++++++++++++++++++++++++++----
1 file changed, 26 insertions(+), 4 deletions(-)

diff --git a/src/kyclogic/plugin_kyclogic_persona.c b/src/kyclogic/plugin_kyclogic_persona.c @@ -2081,6 +2081,7 @@ persona_webhook (void *cls, enum GNUNET_DB_QueryStatus qs; const char *persona_inquiry_id; const char *auth_header; + bool bad_auth = false; /* Persona webhooks are expected by logic, not by template */ GNUNET_break_op (NULL == pd); @@ -2093,10 +2094,31 @@ persona_webhook (void *cls, auth_header = MHD_lookup_connection_value (connection, MHD_HEADER_KIND, MHD_HTTP_HEADER_AUTHORIZATION); - if ( (NULL != ps->webhook_token) && - ( (NULL == auth_header) || - (0 != strcmp (ps->webhook_token, - auth_header)) ) ) + if (NULL != ps->webhook_token) + { + if (NULL == auth_header) + { + bad_auth = true; + } + else + { + struct GNUNET_HashCode wh_hash; + struct GNUNET_HashCode ah_hash; + + /* Compare the shared secret via hashes so that the comparison + time does not leak how many leading bytes of the token + matched (strcmp short-circuits and is a timing oracle). */ + GNUNET_CRYPTO_hash (ps->webhook_token, + strlen (ps->webhook_token), + &wh_hash); + GNUNET_CRYPTO_hash (auth_header, + strlen (auth_header), + &ah_hash); + bad_auth = (0 != GNUNET_memcmp_priv (&wh_hash, + &ah_hash)); + } + } + if (bad_auth) { GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "Invalid authorization header `%s' received for Persona webhook\n",