Applied signature equality check timing fix to OAuth.

author: Andrew Arnott <andrewarnott@gmail.com> 2010-07-16 21:17:25 -0700
committer: Andrew Arnott <andrewarnott@gmail.com> 2010-07-16 21:17:25 -0700
commit: d976f3e2ef623f44fe4fc323505de2777570ea1c (patch)
tree: fe5014706bc792e046b6598599daf7f8b755eb7b /src
parent: 7ca7de5ec67f3a386a53535864e381b38c823581 (diff)
download: DotNetOpenAuth-d976f3e2ef623f44fe4fc323505de2777570ea1c.zip
DotNetOpenAuth-d976f3e2ef623f44fe4fc323505de2777570ea1c.tar.gz
DotNetOpenAuth-d976f3e2ef623f44fe4fc323505de2777570ea1c.tar.bz2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/DotNetOpenAuth/OAuth/ChannelElements/SigningBindingElementBase.cs b/src/DotNetOpenAuth/OAuth/ChannelElements/SigningBindingElementBase.cs
index fdf6e08..cb81139 100644
--- a/src/DotNetOpenAuth/OAuth/ChannelElements/SigningBindingElementBase.cs
+++ b/src/DotNetOpenAuth/OAuth/ChannelElements/SigningBindingElementBase.cs
@@ -273,7 +273,7 @@ namespace DotNetOpenAuth.OAuth.ChannelElements {
 			Contract.Requires<ArgumentNullException>(message != null);
 
 			string signature = this.GetSignature(message);
-			return message.Signature == signature;
+			return MessagingUtilities.EqualsConstantTime(message.Signature, signature);
 		}
 
 		/// <summary>
author	Andrew Arnott <andrewarnott@gmail.com>	2010-07-16 21:17:25 -0700
committer	Andrew Arnott <andrewarnott@gmail.com>	2010-07-16 21:17:25 -0700
commit	d976f3e2ef623f44fe4fc323505de2777570ea1c (patch)
tree	fe5014706bc792e046b6598599daf7f8b755eb7b /src
parent	7ca7de5ec67f3a386a53535864e381b38c823581 (diff)
download	DotNetOpenAuth-d976f3e2ef623f44fe4fc323505de2777570ea1c.zip DotNetOpenAuth-d976f3e2ef623f44fe4fc323505de2777570ea1c.tar.gz DotNetOpenAuth-d976f3e2ef623f44fe4fc323505de2777570ea1c.tar.bz2