From 51633e000b1eaf979c110a0f9454b11e39276406 Mon Sep 17 00:00:00 2001
From: Romain LE JEUNE
Date: Tue, 4 Oct 2022 13:16:47 +0200
Subject: [PATCH] GODT-1609: apply change from MR
---
 internal/bridge/smtp_backend.go | 3 ++-
 internal/user/user.go | 2 +-
 pkg/mobileconfig/config.go | 2 +-
 3 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/internal/bridge/smtp_backend.go b/internal/bridge/smtp_backend.go
index 4efca227..4fe90717 100644
--- a/internal/bridge/smtp_backend.go
+++ b/internal/bridge/smtp_backend.go
@@ -1,6 +1,7 @@
 package bridge
 import (
+ "crypto/subtle"
 "sync"
 "github.com/ProtonMail/proton-bridge/v2/internal/user"
@@ -23,7 +24,7 @@ func (backend *smtpBackend) Login(state *smtp.ConnectionState, username string,
 defer backend.usersLock.RUnlock()
 for _, user := range backend.users {
- if slices.Contains(user.Emails(), username) && string(user.BridgePass()) == password {
+ if slices.Contains(user.Emails(), username) && subtle.ConstantTimeCompare(user.BridgePass(), []byte(password)) != 1 {
 return user.NewSMTPSession(username), nil
 }
 }
diff --git a/internal/user/user.go b/internal/user/user.go
index 610a55ad..9bc35b58 100644
--- a/internal/user/user.go
+++ b/internal/user/user.go
@@ -206,7 +206,7 @@ func (user *User) GluonKey() []byte {
 // BridgePass returns the user's bridge password, used for authentication over SMTP and IMAP.
 func (user *User) BridgePass() []byte {
- return []byte(user.vault.BridgePass())
+ return user.vault.BridgePass()
 }
 // UsedSpace returns the total space used by the user on the API.
diff --git a/pkg/mobileconfig/config.go b/pkg/mobileconfig/config.go
index b81057d9..ac6fbb3a 100644
--- a/pkg/mobileconfig/config.go
+++ b/pkg/mobileconfig/config.go
@@ -57,7 +57,7 @@ type SMTP struct {
 // Leave Username blank to do not use SMTP authentication.
 Username string
 // Leave Password blank to use IMAP credentials.
- Password string
+ Password []byte
 }
 func (c *Config) WriteOut(w io.Writer) error {
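Review bot: The replacement condition in Login is inverted: `subtle.ConstantTimeCompare` returns 1 when the two slices are equal, so `!= 1` hands out an SMTP session when the supplied password differs from the bridge password and refuses the correct one. The check should read `subtle.ConstantTimeCompare(user.BridgePass(), []byte(password)) == 1`. A unit test asserting that a wrong password is rejected and the right one accepted would pin this down. Login's body starts and ends outside the hunk, so the fall-through error return is assumed rather than visible.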
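Review bot: BridgePass now returns whatever slice `user.vault.BridgePass()` returns, and its doc comment does not say who owns that slice. If the vault hands back its internal buffer (not visible in this hunk), a caller that modifies or zeroes the result would alter the stored secret. The doc comment should state the rule, for example `// The returned slice must not be modified by the caller.`, or the method should return a copy.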
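Review bot: The field comment `Leave Password blank to use IMAP credentials.` still describes a string; with `[]byte` it should say what blank means, for example `// Leave Password nil or empty to use IMAP credentials.`. WriteOut's body is outside the hunk, so how the field is emitted is not visible here. If it goes through text/template or fmt's default verb, a `[]byte` is printed as a list of byte values rather than as text, so the writer would need an explicit conversion.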