Use verify_in_constant_time in plaintext signature verification

erlangpack · Oct 17, 2011 · 72f7a87 · 72f7a87
1 parent 3ae1cc7
commit 72f7a87
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/oauth.erl b/src/oauth.erl
@@ -113,7 +113,7 @@ plaintext_signature(Consumer, TokenSecret) ->
   uri_join([consumer_secret(Consumer), TokenSecret]).
 
 plaintext_verify(Signature, Consumer, TokenSecret) ->
-  Signature =:= plaintext_signature(Consumer, TokenSecret).
+  verify_in_constant_time(Signature, plaintext_signature(Consumer, TokenSecret)).
 
 hmac_sha1_signature(HttpMethod, URL, Params, Consumer, TokenSecret) ->
   BaseString = signature_base_string(HttpMethod, URL, Params),