Security: backport #737 to the v0.8.x branch #740
1 changed files with 3 additions and 3 deletions
|
@ -350,9 +350,9 @@ pub async fn verify_v4(
|
||||||
)
|
)
|
||||||
.ok_or_internal_error("Unable to build signing HMAC")?;
|
.ok_or_internal_error("Unable to build signing HMAC")?;
|
||||||
hmac.update(payload);
|
hmac.update(payload);
|
||||||
let our_signature = hex::encode(hmac.finalize().into_bytes());
|
let signature = hex::decode(&signature).map_err(|_| Error::forbidden("Invalid signature"))?;
|
||||||
if signature != our_signature {
|
if hmac.verify_slice(&signature).is_err() {
|
||||||
return Err(Error::forbidden("Invalid signature".to_string()));
|
return Err(Error::forbidden("Invalid signature"));
|
||||||
}
|
}
|
||||||
|
|
||||||
Ok(key)
|
Ok(key)
|
||||||
|
|
Loading…
Reference in a new issue