openclaw

negodiy/openclaw

Fork 0

Commit Graph

Author	SHA1	Message	Date
David Rudduck	f1e1ad73ad	fix(security): SHA-256 hash before timingSafeEqual to prevent length leak (#20856 ) The previous implementation returned early when buffer lengths differed, leaking the expected secret's length via timing side-channel. Hashing both inputs with SHA-256 before comparison ensures fixed-length buffers and constant-time comparison regardless of input lengths.	2026-02-19 03:16:35 -08:00
Peter Steinberger	113ebfd6a2	fix(security): harden hook and device token auth	2026-02-13 01:23:53 +01:00

Author

SHA1

Message

Date

David Rudduck

f1e1ad73ad

fix(security): SHA-256 hash before timingSafeEqual to prevent length leak (#20856 )

The previous implementation returned early when buffer lengths differed,
leaking the expected secret's length via timing side-channel. Hashing both
inputs with SHA-256 before comparison ensures fixed-length buffers and
constant-time comparison regardless of input lengths.

2026-02-19 03:16:35 -08:00

Peter Steinberger

113ebfd6a2

fix(security): harden hook and device token auth

2026-02-13 01:23:53 +01:00

2 Commits