commit e22fe3f40520994287c2f49efac02957e6473277
parent 694a8c5cb640ac79b49f391be12dcdf7e687d6c4
Author: Christian Grothoff <grothoff@gnunet.org>
Date: Wed, 15 Jul 2026 23:18:41 +0200
use constant-time compare of token
Diffstat:
1 file changed, 26 insertions(+), 4 deletions(-)
diff --git a/src/kyclogic/plugin_kyclogic_persona.c b/src/kyclogic/plugin_kyclogic_persona.c
@@ -2081,6 +2081,7 @@ persona_webhook (void *cls,
enum GNUNET_DB_QueryStatus qs;
const char *persona_inquiry_id;
const char *auth_header;
+ bool bad_auth = false;
/* Persona webhooks are expected by logic, not by template */
GNUNET_break_op (NULL == pd);
@@ -2093,10 +2094,31 @@ persona_webhook (void *cls,
auth_header = MHD_lookup_connection_value (connection,
MHD_HEADER_KIND,
MHD_HTTP_HEADER_AUTHORIZATION);
- if ( (NULL != ps->webhook_token) &&
- ( (NULL == auth_header) ||
- (0 != strcmp (ps->webhook_token,
- auth_header)) ) )
+ if (NULL != ps->webhook_token)
+ {
+ if (NULL == auth_header)
+ {
+ bad_auth = true;
+ }
+ else
+ {
+ struct GNUNET_HashCode wh_hash;
+ struct GNUNET_HashCode ah_hash;
+
+ /* Compare the shared secret via hashes so that the comparison
+ time does not leak how many leading bytes of the token
+ matched (strcmp short-circuits and is a timing oracle). */
+ GNUNET_CRYPTO_hash (ps->webhook_token,
+ strlen (ps->webhook_token),
+ &wh_hash);
+ GNUNET_CRYPTO_hash (auth_header,
+ strlen (auth_header),
+ &ah_hash);
+ bad_auth = (0 != GNUNET_memcmp_priv (&wh_hash,
+ &ah_hash));
+ }
+ }
+ if (bad_auth)
{
GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
"Invalid authorization header `%s' received for Persona webhook\n",