Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
slapos
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Léo-Paul Géneau
slapos
Commits
15a65975
Commit
15a65975
authored
Jan 12, 2023
by
Jérome Perrin
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
stack/resilient: compare password in constant time
parent
15c1948f
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
3 additions
and
2 deletions
+3
-2
stack/resilient/buildout.hash.cfg
stack/resilient/buildout.hash.cfg
+1
-1
stack/resilient/resilient-web-takeover-cgi-script.py.in
stack/resilient/resilient-web-takeover-cgi-script.py.in
+2
-1
No files found.
stack/resilient/buildout.hash.cfg
View file @
15a65975
...
@@ -46,7 +46,7 @@ md5sum = 2c9828b57a65ee1eda62fcc4e9a92714
...
@@ -46,7 +46,7 @@ md5sum = 2c9828b57a65ee1eda62fcc4e9a92714
[resilient-web-takeover-cgi-script-download]
[resilient-web-takeover-cgi-script-download]
filename = resilient-web-takeover-cgi-script.py.in
filename = resilient-web-takeover-cgi-script.py.in
md5sum =
261d00f9ae4f75881385727832eec249
md5sum =
8f5c9830f4865265d3477fe51425e71d
[template-wrapper]
[template-wrapper]
filename = templates/wrapper.in
filename = templates/wrapper.in
...
...
stack/resilient/resilient-web-takeover-cgi-script.py.in
View file @
15a65975
...
@@ -8,6 +8,7 @@ takeover_script = '${resiliency-takeover-script:wrapper-takeover}'
...
@@ -8,6 +8,7 @@ takeover_script = '${resiliency-takeover-script:wrapper-takeover}'
import atexit
import atexit
import cgi
import cgi
import datetime
import datetime
import hmac
try:
try:
import dbm.gnu as gdbm
import dbm.gnu as gdbm
except ImportError:
except ImportError:
...
@@ -105,7 +106,7 @@ if "password" not in form:
...
@@ -105,7 +106,7 @@ if "password" not in form:
</html>
""" % (latest_backup_message, isBackupInProgress(), getSoftwareReleaseInformationFormatted()))
</html>
""" % (latest_backup_message, isBackupInProgress(), getSoftwareReleaseInformationFormatted()))
sys.exit(0)
sys.exit(0)
if
form['password'].value != '${:password}'
:
if
not hmac.compare_digest(form['password'].value.encode(), b'${:password}')
:
print("
<H1>
Error
</H1>
")
print("
<H1>
Error
</H1>
")
print("Password is invalid.")
print("Password is invalid.")
sys.exit(1)
sys.exit(1)
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment