Opened at 2021-10-28T15:44:43Z
Closed at 2021-11-04T00:14:52Z
#3834 closed defect (fixed)
The logic for determining a correct lease renew secret is duplicated
| Reported by: | exarkun | Owned by: | exarkun |
|---|---|---|---|
| Priority: | normal | Milestone: | undecided |
| Component: | unknown | Version: | n/a |
| Keywords: | | Cc: | |
| Launchpad Bug: | | | |
Description
Both ShareFile.renew_lease and MutableShareFile.renew_lease take care to use timing_safe_comparison for checking to see if a supplied renew secret matches the secret in an existing lease.
Instead, LeaseInfo could provide a method for doing this check and getting it right, leaving the two renew_lease implementations to focus on the application logic instead of defense against the timing side-channel.
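A sketch of the refactoring proposed above, added here as an illustration and not taken from the project's code. The method name `is_renew_secret`, the two-field `LeaseInfo`, the list and dict storage, and the use of `hmac.compare_digest` in place of the project's own timing-safe comparison helper are all assumptions.

```python
import hmac
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class LeaseInfo:
    """Simplified stand-in for the ticket's LeaseInfo (fields assumed)."""
    renew_secret: bytes
    expiration_time: int

    def is_renew_secret(self, candidate: bytes) -> bool:
        # Hypothetical method name. The only place secrets are compared.
        # compare_digest does not stop at the first differing byte, so the
        # response time does not show how much of the candidate matched.
        return hmac.compare_digest(self.renew_secret, candidate)


class ShareFile:
    def __init__(self, leases):
        self._leases = list(leases)

    def renew_lease(self, renew_secret, new_expiration):
        for i, lease in enumerate(self._leases):
            if lease.is_renew_secret(renew_secret):
                if new_expiration > lease.expiration_time:
                    self._leases[i] = replace(lease, expiration_time=new_expiration)
                return
        raise IndexError("no lease with that renew secret")


class MutableShareFile:
    def __init__(self, leases):
        self._slots = dict(enumerate(leases))  # slot number -> lease

    def renew_lease(self, renew_secret, new_expiration):
        for slot, lease in self._slots.items():
            if lease.is_renew_secret(renew_secret):
                if new_expiration > lease.expiration_time:
                    self._slots[slot] = replace(lease, expiration_time=new_expiration)
                return
        raise IndexError("no lease with that renew secret")


if __name__ == "__main__":
    secret = b"\x01" * 32  # constructed sample secret
    share = ShareFile([LeaseInfo(secret, 100)])
    share.renew_lease(secret, 500)
    print(share._leases[0].expiration_time)
```

Neither `renew_lease` touches `lease.renew_secret` directly, so a later caller cannot reintroduce a plain `==` comparison without bypassing `LeaseInfo`.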
Change History (1)
comment:1 Changed at 2021-11-04T00:14:52Z by GitHub <noreply@…>
- Resolution set to fixed
- Status changed from new to closed
In 8383f6a/trunk: