[tahoe-lafs-trac-stream] [Tahoe-LAFS] #3834: The logic for determining a correct lease renew secret is duplicated

Tahoe-LAFS trac at tahoe-lafs.org
Thu Oct 28 15:44:43 UTC 2021


#3834: The logic for determining a correct lease renew secret is duplicated
---------------------+---------------------------
 Reporter:  exarkun  |          Owner:  exarkun
     Type:  defect   |         Status:  new
 Priority:  normal   |      Milestone:  undecided
Component:  unknown  |        Version:  n/a
 Keywords:           |  Launchpad Bug:
---------------------+---------------------------
 Both `ShareFile.renew_lease` and `MutableShareFile.renew_lease` take care
 to use `timing_safe_comparison` for checking to see if a supplied renew
 secret matches the secret in an existing lease.

 Instead, `LeaseInfo` could provide a method for doing this check and
 getting it right, leaving the two `renew_lease` implementations to focus
 on the application logic instead of defense against the timing side-
 channel.

--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/3834>
Tahoe-LAFS <https://Tahoe-LAFS.org>
secure decentralized storage


More information about the tahoe-lafs-trac-stream mailing list