From: Brian Warner Date: Mon, 23 Mar 2009 03:21:28 +0000 (-0700) Subject: storage: use constant-time comparison for write-enablers and lease-secrets X-Git-Tag: allmydata-tahoe-1.4.0~36 X-Git-Url: https://git.rkrishnan.org/components/com_hotproperty/install.html?a=commitdiff_plain;h=5e8c31c3b6672421ab7f75bffe474d58a77decf8;p=tahoe-lafs%2Ftahoe-lafs.git storage: use constant-time comparison for write-enablers and lease-secrets --- diff --git a/src/allmydata/storage/immutable.py b/src/allmydata/storage/immutable.py index 61d277c6..cc58d44f 100644 --- a/src/allmydata/storage/immutable.py +++ b/src/allmydata/storage/immutable.py @@ -6,6 +6,7 @@ from zope.interface import implements from allmydata.interfaces import RIBucketWriter, RIBucketReader from allmydata.util import base32, fileutil, log from allmydata.util.assertutil import precondition +from allmydata.util.hashutil import constant_time_compare from allmydata.storage.lease import LeaseInfo from allmydata.storage.common import UnknownImmutableContainerVersionError, \ DataTooLargeError @@ -142,7 +143,7 @@ class ShareFile: def renew_lease(self, renew_secret, new_expire_time): for i,lease in enumerate(self.get_leases()): - if lease.renew_secret == renew_secret: + if constant_time_compare(lease.renew_secret, renew_secret): # yup. See if we need to update the owner time. if new_expire_time > lease.expiration_time: # yes @@ -172,7 +173,7 @@ class ShareFile: leases = list(self.get_leases()) num_leases_removed = 0 for i,lease in enumerate(leases): - if lease.cancel_secret == cancel_secret: + if constant_time_compare(lease.cancel_secret, cancel_secret): leases[i] = None num_leases_removed += 1 if not num_leases_removed: diff --git a/src/allmydata/storage/mutable.py b/src/allmydata/storage/mutable.py index 59e662c3..6282af59 100644 --- a/src/allmydata/storage/mutable.py +++ b/src/allmydata/storage/mutable.py @@ -3,6 +3,7 @@ import os, stat, struct from allmydata.interfaces import BadWriteEnablerError from allmydata.util import idlib, log from allmydata.util.assertutil import precondition +from allmydata.util.hashutil import constant_time_compare from allmydata.storage.lease import LeaseInfo from allmydata.storage.common import UnknownMutableContainerVersionError, \ DataTooLargeError @@ -266,7 +267,7 @@ class MutableShareFile: accepting_nodeids = set() f = open(self.home, 'rb+') for (leasenum,lease) in self._enumerate_leases(f): - if lease.renew_secret == renew_secret: + if constant_time_compare(lease.renew_secret, renew_secret): # yup. See if we need to update the owner time. if new_expire_time > lease.expiration_time: # yes @@ -312,7 +313,7 @@ class MutableShareFile: f = open(self.home, 'rb+') for (leasenum,lease) in self._enumerate_leases(f): accepting_nodeids.add(lease.nodeid) - if lease.cancel_secret == cancel_secret: + if constant_time_compare(lease.cancel_secret, cancel_secret): self._write_lease_record(f, leasenum, blank_lease) modified += 1 else: @@ -365,7 +366,9 @@ class MutableShareFile: (real_write_enabler, write_enabler_nodeid) = \ self._read_write_enabler_and_nodeid(f) f.close() - if write_enabler != real_write_enabler: + # avoid a timing attack + #if write_enabler != real_write_enabler: + if not constant_time_compare(write_enabler, real_write_enabler): # accomodate share migration by reporting the nodeid used for the # old write enabler. self.log(format="bad write enabler on SI %(si)s,"