[tahoe-lafs-trac-stream] [Tahoe-LAFS] #3834: The logic for determining a correct lease renew secret is duplicated
Tahoe-LAFS
trac at tahoe-lafs.org
Thu Oct 28 15:44:43 UTC 2021
#3834: The logic for determining a correct lease renew secret is duplicated
---------------------+---------------------------
Reporter: exarkun | Owner: exarkun
Type: defect | Status: new
Priority: normal | Milestone: undecided
Component: unknown | Version: n/a
Keywords: | Launchpad Bug:
---------------------+---------------------------
Both `ShareFile.renew_lease` and `MutableShareFile.renew_lease` take care
to use `timing_safe_comparison` for checking to see if a supplied renew
secret matches the secret in an existing lease.
Instead, `LeaseInfo` could provide a method for doing this check and
getting it right, leaving the two `renew_lease` implementations to focus
on the application logic instead of defense against the timing side-
channel.
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/3834>
Tahoe-LAFS <https://Tahoe-LAFS.org>
secure decentralized storage
More information about the tahoe-lafs-trac-stream
mailing list