mirrors/searxng
1
0
Fork 0
mirror of https://github.com/searxng/searxng.git synced 2024-06-02 06:11:51 +00:00
Code Issues Projects Releases Wiki Activity

[fix] use hmac.compare_digest instead of ==

Browse source 
see https://docs.python.org/3/library/hmac.html#hmac.HMAC.hexdigest
This commit is contained in:
Alexandre Flament 2021-12-28 08:36:31 +01:00
parent c6922ae7c5
commit d784870209
1 changed files with 3 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
searx/webapp.py
View file

@ -1067,8 +1067,9 @@ def image_proxy():
if not url:
return '', 400
h = new_hmac(settings['server']['secret_key'], url.encode())
if h != request.args.get('h'):
h_url = new_hmac(settings['server']['secret_key'], url.encode())
h_args = request.args.get('h')
if len(h_url) != len(h_args) or not hmac.compare_digest(h_url, h_args):
return '', 400
maximum_size = 5 * 1024 * 1024