vendor: github.com/fernet/fernet-go v0.0.0-20211208181803-9f70042a33ee
Fixes a potential panic.
full diff: 9eac43b88a...9f70042a33
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
parent
4113a88523
commit
1e48b64538
5 changed files with 23 additions and 5 deletions
|
@ -107,7 +107,7 @@ require (
|
|||
github.com/cyphar/filepath-securejoin v0.2.3 // indirect
|
||||
github.com/dustin/go-humanize v1.0.0 // indirect
|
||||
github.com/felixge/httpsnoop v1.0.2 // indirect
|
||||
github.com/fernet/fernet-go v0.0.0-20180830025343-9eac43b88a5e // indirect
|
||||
github.com/fernet/fernet-go v0.0.0-20211208181803-9f70042a33ee // indirect
|
||||
github.com/fsnotify/fsnotify v1.5.1 // indirect
|
||||
github.com/go-logr/logr v1.2.2 // indirect
|
||||
github.com/go-logr/stdr v1.2.2 // indirect
|
||||
|
|
|
@ -417,8 +417,8 @@ github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5Kwzbycv
|
|||
github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
|
||||
github.com/felixge/httpsnoop v1.0.2 h1:+nS9g82KMXccJ/wp0zyRW9ZBHFETmMGtkk+2CTTrW4o=
|
||||
github.com/felixge/httpsnoop v1.0.2/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
|
||||
github.com/fernet/fernet-go v0.0.0-20180830025343-9eac43b88a5e h1:P10tZmVD2XclAaT9l7OduMH1OLFzTa1wUuUqHZnEdI0=
|
||||
github.com/fernet/fernet-go v0.0.0-20180830025343-9eac43b88a5e/go.mod h1:2H9hjfbpSMHwY503FclkV/lZTBh2YlOmLLSda12uL8c=
|
||||
github.com/fernet/fernet-go v0.0.0-20211208181803-9f70042a33ee h1:v6Eju/FhxsACGNipFEPBZZAzGr1F/jlRQr1qiBw2nEE=
|
||||
github.com/fernet/fernet-go v0.0.0-20211208181803-9f70042a33ee/go.mod h1:2H9hjfbpSMHwY503FclkV/lZTBh2YlOmLLSda12uL8c=
|
||||
github.com/fluent/fluent-logger-golang v1.9.0 h1:zUdY44CHX2oIUc7VTNZc+4m+ORuO/mldQDA7czhWXEg=
|
||||
github.com/fluent/fluent-logger-golang v1.9.0/go.mod h1:2/HCT/jTy78yGyeNGQLGQsjF3zzzAuy6Xlk6FCMV5eU=
|
||||
github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
|
||||
|
|
6
vendor/github.com/fernet/fernet-go/fernet.go
generated
vendored
6
vendor/github.com/fernet/fernet-go/fernet.go
generated
vendored
|
@ -30,6 +30,7 @@ const (
|
|||
payOffset = ivOffset + aes.BlockSize
|
||||
overhead = 1 + 8 + aes.BlockSize + sha256.Size // ver + ts + iv + hmac
|
||||
maxClockSkew = 60 * time.Second
|
||||
uint64Bytes = 8
|
||||
)
|
||||
|
||||
var encoding = base64.URLEncoding
|
||||
|
@ -63,7 +64,7 @@ func decodedLen(n int) int {
|
|||
|
||||
// if msg is nil, decrypts in place and returns a slice of tok.
|
||||
func verify(msg, tok []byte, ttl time.Duration, now time.Time, k *Key) []byte {
|
||||
if len(tok) < 1 || tok[0] != version {
|
||||
if len(tok) < 1+uint64Bytes || tok[0] != version {
|
||||
return nil
|
||||
}
|
||||
ts := time.Unix(int64(binary.BigEndian.Uint64(tok[1:])), 0)
|
||||
|
@ -71,6 +72,9 @@ func verify(msg, tok []byte, ttl time.Duration, now time.Time, k *Key) []byte {
|
|||
return nil
|
||||
}
|
||||
n := len(tok) - sha256.Size
|
||||
if n <= 0 {
|
||||
return nil
|
||||
}
|
||||
var hmac [sha256.Size]byte
|
||||
genhmac(hmac[:0], tok[:n], k.signBytes())
|
||||
if subtle.ConstantTimeCompare(tok[n:], hmac[:]) != 1 {
|
||||
|
|
14
vendor/github.com/fernet/fernet-go/invalid.json
generated
vendored
14
vendor/github.com/fernet/fernet-go/invalid.json
generated
vendored
|
@ -54,5 +54,19 @@
|
|||
"now": "1985-10-26T01:20:01-07:00",
|
||||
"ttl_sec": 60,
|
||||
"secret": "cw_0x689RpI-jtRR7oE8h_eQsKImvJapLeSbXpwF4e4="
|
||||
},
|
||||
{
|
||||
"desc": "very short payload size",
|
||||
"token": "gAAAAABdnQ1TUKh2OE_ggbyCIxfg",
|
||||
"now": "1985-10-26T01:20:01-07:00",
|
||||
"ttl_sec": 0,
|
||||
"secret": "cw_0x689RpI-jtRR7oE8h_eQsKImvJapLeSbXpwF4e4="
|
||||
},
|
||||
{
|
||||
"desc": "super short payload size",
|
||||
"token": "gAAA",
|
||||
"now": "1985-10-26T01:20:01-07:00",
|
||||
"ttl_sec": 0,
|
||||
"secret": "cw_0x689RpI-jtRR7oE8h_eQsKImvJapLeSbXpwF4e4="
|
||||
}
|
||||
]
|
||||
|
|
2
vendor/modules.txt
vendored
2
vendor/modules.txt
vendored
|
@ -319,7 +319,7 @@ github.com/dustin/go-humanize
|
|||
# github.com/felixge/httpsnoop v1.0.2
|
||||
## explicit; go 1.13
|
||||
github.com/felixge/httpsnoop
|
||||
# github.com/fernet/fernet-go v0.0.0-20180830025343-9eac43b88a5e
|
||||
# github.com/fernet/fernet-go v0.0.0-20211208181803-9f70042a33ee
|
||||
## explicit
|
||||
github.com/fernet/fernet-go
|
||||
# github.com/fluent/fluent-logger-golang v1.9.0
|
||||
|
|
Loading…
Reference in a new issue