Fixed timing attack in signature verification in the cookie session s…

…tore by replacing = with secure-compare. Adapted from http://codahale.com/a-lesson-in-timing-attacks/ Not using Java's MessageDigest.isEqual since that had a vulnerability until recently
mmcgrana · 0e68817324a79eb6bd460ee56b67a3a83efafc81 · yn committed Dec 16, 2010 · Dec 16, 2010 · 0e68817
1 parent edabc35
commit 0e68817324a79eb6bd460ee56b67a3a83efafc81
Unified Split

Showing with 11 additions and 2 deletions.

+11 −2 ring-core/src/ring/middleware/session/cookie.clj
@@ -77,13 +77,22 @@
   (let [data (encrypt key (.getBytes (pr-str data)))]
     (str (codec/base64-encode data) "--" (hmac key data))))
 
+(defn- secure-compare [a b]
+  (if (and a b (= (.length a) (.length b)))
+      (= 0
+         (reduce bit-or
+                 (map bit-xor
+                      (.getBytes a)
+                      (.getBytes b))))
+      false))
+
 (defn- unseal
   "Retrieve a sealed Clojure data structure from a string"
   [key ^String string]
   (let [[data mac] (.split string "--")
         data (codec/base64-decode data)]
-    (if (= mac (hmac key data))
-      (read-string (decrypt key data)))))
+    (if (secure-compare mac (hmac key data))
+        (read-string (decrypt key data)))))
 
 (deftype CookieStore [secret-key]
   SessionStore