MrUnknownDE/panel
1
0
Fork 0
mirror of https://github.com/MrUnknownDE/panel.git synced 2026-04-14 04:13:46 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fixing timing attack vuln. on HMAC comparison (#409)

Browse Source
This commit is contained in:
Fillerino
2017-04-24 22:49:03 +02:00
committed by Dane Everitt
parent a35788da34
commit 5cc28a0716
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/Http/Middleware/HMACAuthorization.php
View File

@@ -170,7 +170,7 @@ class HMACAuthorization
*/
protected function validateContents()
{
if (base64_decode($this->hash()) !== $this->generateSignature()) {
if (! hash_equals(base64_decode($this->hash()), $this->generateSignature())) {
throw new BadRequestHttpException('The HMAC for the request was invalid.');
}
}