n/wireproxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

constant time string comparison for socks5 credential validation

Browse Source
This commit is contained in:
octeep
2022-03-31 10:07:44 +01:00
committed by octeep
parent 898c557b8c
commit 2defb13396
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
routine.go
View File

@@ -2,6 +2,7 @@ package wireproxy
import ( import (
"context" "context"
"crypto/subtle"
"errors" "errors"
"fmt" "fmt"
"io" "io"
@@ -110,7 +111,9 @@ func (config *Socks5Config) SpawnRoutine(vt *VirtualTun) {
} }
func (c CredentialValidator) Valid(username, password string) bool { func (c CredentialValidator) Valid(username, password string) bool {
return c.username == username && c.password == password u := subtle.ConstantTimeCompare([]byte(c.username), []byte(username))
p := subtle.ConstantTimeCompare([]byte(c.password), []byte(password))
return u&p == 1
} }
func connForward(bufSize int, from io.ReadWriteCloser, to io.ReadWriteCloser) { func connForward(bufSize int, from io.ReadWriteCloser, to io.ReadWriteCloser) {