diff --git a/swift/common/middleware/formpost.py b/swift/common/middleware/formpost.py
index f13fcaa6a1..d52653300e 100644
--- a/swift/common/middleware/formpost.py
+++ b/swift/common/middleware/formpost.py
@@ -110,7 +110,7 @@ from time import gmtime, strftime, time
 from time import time
 from urllib import quote, unquote

-from swift.common.utils import get_logger, strcmp_const_time
+from swift.common.utils import get_logger, streq_const_time


 #: The size of data to read from the form at any given time.
@@ -442,7 +442,7 @@ class FormPost(object):
 attributes.get('expires') or '0'
 )
 sig = hmac.new(key, hmac_body, sha1).hexdigest()
- if not strcmp_const_time(sig,(attributes.get('signature') or
+ if not streq_const_time(sig, (attributes.get('signature') or
 'invalid')):
 return '401 Unauthorized', 'invalid signature'
 subenv['swift.authorize'] = lambda req: None
diff --git a/swift/common/utils.py b/swift/common/utils.py
index 310969609e..ecf8558b6b 100644
--- a/swift/common/utils.py
+++ b/swift/common/utils.py
@@ -1119,7 +1119,7 @@ def listdir(path):
 return []


-def strcmp_const_time(s1, s2):
+def streq_const_time(s1, s2):
 """Constant-time string comparison.

 :params s1: the first string
diff --git a/test/unit/common/test_utils.py b/test/unit/common/test_utils.py
index 290f6824e6..5e30615a98 100644
--- a/test/unit/common/test_utils.py
+++ b/test/unit/common/test_utils.py
@@ -850,10 +850,10 @@ log_name = %(yarr)s'''
 for v in utils.TRUE_VALUES:
 self.assertEquals(v, v.lower())

- def test_strcmp_const_time(self):
- self.assertTrue(utils.strcmp_const_time('abc123', 'abc123'))
- self.assertFalse(utils.strcmp_const_time('a', 'aaaaa'))
- self.assertFalse(utils.strcmp_const_time('ABC123', 'abc123'))
+ def test_streq_const_time(self):
+ self.assertTrue(utils.streq_const_time('abc123', 'abc123'))
+ self.assertFalse(utils.streq_const_time('a', 'aaaaa'))
+ self.assertFalse(utils.streq_const_time('ABC123', 'abc123'))


 if __name__ == '__main__':
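Review bot: In `swift/common/utils.py` the helper is renamed in place and the old name `strcmp_const_time` is not kept as an alias, so any middleware outside the files touched here that still imports it will fail at import time; whether such callers exist cannot be seen from this diff. If out-of-tree users matter, add `strcmp_const_time = streq_const_time` after the function for a deprecation period. The docstring on the context lines uses `:params s1:`, where the Sphinx field name is `:param`. The function body is outside the hunk, so its behaviour on inputs of different length (exercised by the `'a'` vs `'aaaaa'` test) cannot be checked here.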