From 7cb91b3b9995c92bfd2bfb694669f02d7fa44618 Mon Sep 17 00:00:00 2001
From: Tatu Lund <tatu@vaadin.com>
Date: Mon, 1 Feb 2021 17:51:22 +0200
Subject: fix: use time-constant comparison for CSRF tokens (#12188)

This hardens the framework against a theoretical timing attack based on
comparing how quickly a request with an invalid CSRF token is rejected.

Cherry-picked from: https://github.com/vaadin/flow/pull/9875
---
 server/src/main/java/com/vaadin/server/VaadinService.java | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'server/src/main/java/com/vaadin')

diff --git a/server/src/main/java/com/vaadin/server/VaadinService.java b/server/src/main/java/com/vaadin/server/VaadinService.java
index 31ddf7b8ba..45e71dace7 100644
--- a/server/src/main/java/com/vaadin/server/VaadinService.java
+++ b/server/src/main/java/com/vaadin/server/VaadinService.java
@@ -29,6 +29,8 @@ import java.io.Serializable;
 import java.lang.reflect.Constructor;
 import java.net.MalformedURLException;
 import java.net.URL;
+import java.nio.charset.StandardCharsets;
+import java.security.MessageDigest;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashMap;
@@ -1962,7 +1964,9 @@ public abstract class VaadinService implements Serializable {
                 .isXsrfProtectionEnabled()) {
             String sessionToken = session.getCsrfToken();
 
-            if (sessionToken == null || !sessionToken.equals(requestToken)) {
+            if (sessionToken == null || !MessageDigest.isEqual(
+                    sessionToken.getBytes(StandardCharsets.UTF_8),
+                    requestToken.getBytes(StandardCharsets.UTF_8))) {
                 return false;
             }
         }
-- 
cgit v1.2.3