yuuza/outline
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: Must check length before passing to timingSafeEqual

Browse Source
This commit is contained in:
Tom Moor
2022-07-09 11:19:40 +02:00
parent 32b7a7df00
commit 2893924e9a
2 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
server/routes/api/hooks.ts
View File

@@ -28,6 +28,7 @@ function verifySlackToken(token: string) {
}
if (
token.length !== env.SLACK_VERIFICATION_TOKEN.length ||
!crypto.timingSafeEqual(
Buffer.from(env.SLACK_VERIFICATION_TOKEN),
Buffer.from(token)