Fix #886: ensure generated CSRF is not overriden #1011

Merged
merged 2 commits into from
Apr 7, 2018
8 changes: 5 additions & 3 deletions middleware/csrf/csrf.go
Expand Up @@ -65,12 +65,13 @@ var New = func(next buffalo.Handler) buffalo.Handler {
}

var realToken []byte
var err error
rawRealToken := c.Session().Get(tokenKey)

if rawRealToken == nil || len(rawRealToken.([]byte)) != tokenLength {
// If the token is missing, or the length if the token is wrong,
// generate a new token.
realToken, err := generateRandomBytes(tokenLength)
realToken, err = generateRandomBytes(tokenLength)
if err != nil {
return err
}
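Review bot: The condition on the `if` line still uses an unchecked single-value type assertion, `len(rawRealToken.([]byte))`, so a session value of any other type (for example a string after a store round-trips it) panics in the middleware rather than being treated as a missing token and regenerated. A two-value assertion covers the nil case as well and turns that into a clean fallback: `realBytes, ok := rawRealToken.([]byte)` followed by `if !ok || len(realBytes) != tokenLength {`, with the else path presumably assigning `realToken = realBytes` where the function continues below the hunk. The enclosing `New` handler starts above this hunk and runs past its end, so that assignment is not visible here; the now-declared `var realToken []byte` and `var err error` make the `=` assignment the only form the compiler accepts, which is what prevents the earlier shadowing, and a `go vet` shadow check would guard against the same regression elsewhere in the file.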
Expand Down Expand Up @@ -171,8 +172,9 @@ func compareTokens(a, b []byte) bool {
// one-time-pad used to mask it.
func xorToken(a, b []byte) []byte {
n := len(a)
if len(b) < n {
n = len(b)
bn := len(b)
if bn < n {
n = bn
}

res := make([]byte, n)