Use constant time compare for bootstrap tokens

Signed-off-by: Joe Beda <joe.github@bedafamily.com>
This commit is contained in:
Joe Beda 2017-03-14 14:06:33 +00:00
parent 5e29e1ee05
commit c46d6bb825
GPG Key ID: 4296898C63A3591D


@ -20,6 +20,7 @@ Package bootstrap provides a token authenticator for TLS bootstrap secrets.
package bootstrap package bootstrap
import ( import (
"crypto/subtle"
"fmt" "fmt"
"regexp" "regexp"
"time" "time"
@ -95,7 +96,7 @@ func (t *TokenAuthenticator) AuthenticateToken(token string) (user.Info, bool, e
} }
ts := getSecretString(secret, bootstrapapi.BootstrapTokenSecretKey) ts := getSecretString(secret, bootstrapapi.BootstrapTokenSecretKey)
if ts != tokenSecret { if subtle.ConstantTimeCompare([]byte(ts), []byte(tokenSecret)) != 1 {
return nil, false, nil return nil, false, nil
} }