diff options
author | Zuul <zuul@review.opendev.org> | 2023-01-07 23:39:40 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2023-01-07 23:39:40 +0000 |
commit | c92b37e6d21c54a4142f997c24e2f8b87ca98959 (patch) | |
tree | a30834456bc2378b6d3394c3efac7bcdf04c3220 | |
parent | eb2e840edd65a8a79d85bc7ca8527b4bb7ba24e6 (diff) | |
parent | d157b404a81e6cc1f636e794eb14030fdbff687c (diff) | |
download | swift-c92b37e6d21c54a4142f997c24e2f8b87ca98959.tar.gz |
Merge "s3api: Use constant-time string comparisons in check_signature" into stable/stein
-rw-r--r-- | swift/common/middleware/s3api/s3request.py | 6 | ||||
-rw-r--r-- | test/unit/common/middleware/s3api/test_s3request.py | 11 |
2 files changed, 14 insertions, 3 deletions
diff --git a/swift/common/middleware/s3api/s3request.py b/swift/common/middleware/s3api/s3request.py index e882c9c02..df94120b5 100644 --- a/swift/common/middleware/s3api/s3request.py +++ b/swift/common/middleware/s3api/s3request.py @@ -25,7 +25,7 @@ from six.moves.urllib.parse import quote, unquote, parse_qsl import string from swift.common.utils import split_path, json, get_swift_info, \ - close_if_possible + close_if_possible, streq_const_time from swift.common import swob from swift.common.http import HTTP_OK, HTTP_CREATED, HTTP_ACCEPTED, \ HTTP_NO_CONTENT, HTTP_UNAUTHORIZED, HTTP_FORBIDDEN, HTTP_NOT_FOUND, \ @@ -155,7 +155,7 @@ class SigV4Mixin(object): derived_secret, scope_piece, sha256).digest() valid_signature = hmac.new( derived_secret, self.string_to_sign, sha256).hexdigest() - return user_signature == valid_signature + return streq_const_time(user_signature, valid_signature) @property def _is_query_auth(self): @@ -546,7 +546,7 @@ class S3Request(swob.Request): user_signature = self.signature valid_signature = base64.b64encode(hmac.new( secret, self.string_to_sign, sha1).digest()).strip() - return user_signature == valid_signature + return streq_const_time(user_signature, valid_signature) @property def timestamp(self): diff --git a/test/unit/common/middleware/s3api/test_s3request.py b/test/unit/common/middleware/s3api/test_s3request.py index fbb4dd8ef..10a7d9fb6 100644 --- a/test/unit/common/middleware/s3api/test_s3request.py +++ b/test/unit/common/middleware/s3api/test_s3request.py @@ -767,6 +767,11 @@ class TestRequest(S3ApiTestCase): self.assertEqual(expected_sts, sigv2_req._string_to_sign()) self.assertTrue(sigv2_req.check_signature(secret)) + with patch('swift.common.middleware.s3api.s3request.streq_const_time', + return_value=True) as mock_eq: + self.assertTrue(sigv2_req.check_signature(secret)) + mock_eq.assert_called_once() + def test_check_signature_sigv2(self): self._test_check_signature_sigv2( 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY') @@ -806,6 +811,12 @@ class TestRequest(S3ApiTestCase): self.assertFalse(sigv4_req.check_signature( u'\u30c9\u30e9\u30b4\u30f3')) + with patch('swift.common.middleware.s3api.s3request.streq_const_time', + return_value=False) as mock_eq: + self.assertFalse(sigv4_req.check_signature( + u'\u30c9\u30e9\u30b4\u30f3')) + mock_eq.assert_called_once() + class TestHashingInput(S3ApiTestCase): def test_good(self): |