docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix hash compare on verfy to be bytewise 

Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
This commit is contained in:
Nathan McCauley 2015-07-20 17:46:48 -07:00
parent c0b0593247
commit 6ffcb134d7
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
cmd/notary/tuf.go
View File

@ -8,6 +8,7 @@ import (
"net/http" "net/http"
"os" "os"
"crypto/subtle"
"github.com/Sirupsen/logrus" "github.com/Sirupsen/logrus"
notaryclient "github.com/docker/notary/client" notaryclient "github.com/docker/notary/client"
"github.com/docker/notary/pkg/passphrase" "github.com/docker/notary/pkg/passphrase"
@ -257,9 +258,10 @@ func verify(cmd *cobra.Command, args []string) {
} }
// Create hasher and hash data // Create hasher and hash data
stdinHash := fmt.Sprintf("sha256:%x", sha256.Sum256(payload)) stdinHash := sha256.Sum256(payload)
serverHash := fmt.Sprintf("sha256:%s", target.Hashes["sha256"]) serverHash := target.Hashes["sha256"]
if stdinHash != serverHash {
if subtle.ConstantTimeCompare(stdinHash[:], serverHash) == 0 {
logrus.Error("notary: data not present in the trusted collection.") logrus.Error("notary: data not present in the trusted collection.")
os.Exit(1) os.Exit(1)
} else { } else {