From 31753c3c9e8871bb5fad01c67128b3374425af03 Mon Sep 17 00:00:00 2001
From: davidby-influx <72418212+davidby-influx@users.noreply.github.com>
Date: Thu, 4 Apr 2024 19:58:29 -0700
Subject: [PATCH] fix: additional constant time code (#24887)

closes https://github.com/influxdata/influxdb/issues/24886
---
 tenant/service_user.go | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/tenant/service_user.go b/tenant/service_user.go
index 531f878c0ec..c7f30c00a24 100644
--- a/tenant/service_user.go
+++ b/tenant/service_user.go
@@ -293,14 +293,18 @@ var classes []func(rune) bool = []func(rune) bool{
 func IsPasswordStrong(password string, doCheck bool) error {
 const numClassesRequired = 3
 var eSlice []error = nil
+ var tslice []error = nil
 l := len(password)
 if l < errors.MinPasswordLen || l > errors.MaxPasswordLen {
 eSlice = append(eSlice, errors.EPasswordLength)
+ } else {
+ tslice = append(tslice, errors.EPasswordLength)
 }
 if doCheck {
 // make a password copy that is the length of the max password length
 constLenPassword := strings.Repeat(password, 1+(errors.MaxPasswordLen/len(password)))[:errors.MaxPasswordLen]
 n := 0
+ t := 0
 // Walk the whole string for each class, for constant time operation
 for _, f := range classes {
@@ -310,12 +314,17 @@ func IsPasswordStrong(password string, doCheck bool) error {
 }
 if found {
 n++
+ } else {
+ t++
 }
 }
 if n < numClassesRequired {
 eSlice = append(eSlice, errors.EPasswordChars)
+ } else {
+ tslice = append(tslice, errors.EPasswordChars)
 }
 }
+ eBase.Join(tslice...)
 return eBase.Join(eSlice...)
 }
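Review bot: With `doCheck` set and an empty `password`, the padding line `strings.Repeat(password, 1+(errors.MaxPasswordLen/len(password)))` in the first hunk divides by `len(password)` == 0 and panics, and the length branches added above it do not stop execution from reaching it. Unless every caller rejects empty input first (not visible here), an empty password turns a validation error into a runtime panic. Guard the block, e.g. `if doCheck && l > 0 {`, since the empty case is presumably already reported by the length check (`errors.MinPasswordLen` is defined elsewhere, so confirm it is above zero). The body of `IsPasswordStrong` continues past the end of this hunk.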
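Review bot: The bare `eBase.Join(tslice...)` at the end of the second hunk throws its result away, and `t` and `tslice` (declared in the first hunk) are written but never read, with nothing in the code saying this is deliberate timing balance. A linter or a later cleanup will read these as dead code, and the compiler is not obliged to keep work whose result is unused, so the equal-cost property is best effort rather than guaranteed. Make the intent explicit with `_ = eBase.Join(tslice...)` and a comment such as `// tslice and t mirror the failure-path work so both outcomes cost the same; the results are discarded on purpose`. The function starts before this hunk.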