constant time string comparison for socks5 credential validation

octeep 2022-03-31 10:07:44 +01:00
parent 6b05fcc6ca
commit c1989bf6f0


@ -2,6 +2,7 @@ package wireproxy
import ( import (
"context" "context"
"crypto/subtle"
"errors" "errors"
"fmt" "fmt"
"io" "io"
@ -110,7 +111,9 @@ func (config *Socks5Config) SpawnRoutine(vt *VirtualTun) {
} }
func (c CredentialValidator) Valid(username, password string) bool { func (c CredentialValidator) Valid(username, password string) bool {
return c.username == username && c.password == password u := subtle.ConstantTimeCompare([]byte(c.username), []byte(username))
p := subtle.ConstantTimeCompare([]byte(c.password), []byte(password))
return u&p == 1
} }
func connForward(bufSize int, from io.ReadWriteCloser, to io.ReadWriteCloser) { func connForward(bufSize int, from io.ReadWriteCloser, to io.ReadWriteCloser) {
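Review bot: `subtle.ConstantTimeCompare` returns 0 immediately when its two slices differ in length, so the new `Valid` body can still let response timing distinguish a supplied username or password of the configured length from one of a different length. Hashing each side to a fixed-size digest before comparing keeps the compared lengths equal; this needs `crypto/sha256` added to the import block in the first hunk. The combining expression `u&p == 1` is correct as written, since `&` binds tighter than `==` in Go. A short doc comment on `Valid` stating that it compares both fields without short-circuiting would also help later maintainers avoid reverting to `==`.

```go
func (c CredentialValidator) Valid(username, password string) bool {
	// Fixed-size digests keep ConstantTimeCompare from returning early on a length mismatch.
	wantUser, gotUser := sha256.Sum256([]byte(c.username)), sha256.Sum256([]byte(username))
	wantPass, gotPass := sha256.Sum256([]byte(c.password)), sha256.Sum256([]byte(password))
	u := subtle.ConstantTimeCompare(wantUser[:], gotUser[:])
	p := subtle.ConstantTimeCompare(wantPass[:], gotPass[:])
	// … unchanged: return u&p == 1 …
```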