Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Refactored fixed-time HMAC validation.

  • Loading branch information...
commit 4c3493e06c6a0cd5302ab744cf7c2b9db7f34960 1 parent fb7d1f6
@mehrdada mehrdada authored
Showing with 3 additions and 3 deletions.
  1. +3 −3 AppHarbor.Web.Security/KeyedHashValidation.cs
View
6 AppHarbor.Web.Security/KeyedHashValidation.cs
@@ -58,18 +58,18 @@ public override bool Validate(byte[] signedMessage)
private bool Validate(byte[] signedMessage, int dataLength)
{
bool isValid = true;
- if (signedMessage.Length == 0)
+ var validSignature = ComputeSignature(signedMessage, 0, dataLength);
+ if (signedMessage.Length != dataLength + validSignature.Length)
{
return false;
}
- var validSignature = ComputeSignature(signedMessage, 0, dataLength);
for (int i = 0; i < validSignature.Length; i++)
{
if (i + dataLength >= signedMessage.Length)
{
isValid = false;
}
- if (signedMessage[(i + dataLength) % signedMessage.Length] != validSignature[i])
+ if (signedMessage[i + dataLength] != validSignature[i])
{
isValid = false;
}
Please sign in to comment.
Something went wrong with that request. Please try again.