mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alexander Rojas <>
Subject Re: Review Request 67357: Added constant time comparison of JWT signatures.
Date Thu, 31 May 2018 09:02:40 GMT

This is an automatically generated e-mail. To reply, visit:

(Updated May 31, 2018, 11:02 a.m.)

Review request for Alexander Rukletsov.

Repository: mesos

Description (updated)

A vulnerability in our JWT implementation allows an unauthenticated
remote attacker to execute to execute timing attacks [1].

This patch removes the vulnerability by adding a constant time
comparison of hashes, where the whole message is visited during
the comparison instead of returning at the first failure.


Diffs (updated)

  3rdparty/libprocess/src/jwt.cpp 4477ddd17dede2b924a47e33942b39244f10316f 




make check


Alexander Rojas

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message