From 1a0d5cdd20f640b821242a134277a1c156c0af2c Mon Sep 17 00:00:00 2001
From: Joe Gregorio
Date: Mon, 8 Oct 2012 13:48:58 -0400
Subject: [PATCH] HMAC verification does not use a cosntant time algorithm.
Reviewed in https://codereview.appspot.com/6640043/.
---
 oauth2client/xsrfutil.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/oauth2client/xsrfutil.py b/oauth2client/xsrfutil.py
index 7d5fdbe..7e1fe5c 100644
--- a/oauth2client/xsrfutil.py
+++ b/oauth2client/xsrfutil.py
@@ -100,7 +100,14 @@ def validate_token(key, token, user_id, action_id="", current_time=None):
   # The given token should match the generated one with the same time.
   expected_token = generate_token(key, user_id, action_id=action_id, when=token_time)
-  if token != expected_token:
+  if len(token) != len(expected_token):
+    return False
+
+  # Perform constant time comparison to avoid timing attacks
+  different = 0
+  for x, y in zip(token, expected_token):
+    different |= ord(x) ^ ord(y)
+  if different:
     return False
   return True
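Review bot: The hand-rolled `ord(x) ^ ord(y)` loop is the right idea, but on interpreters that provide it (Python 3.3+ and 2.7.7+) `hmac.compare_digest` is the better primitive: it runs in C, so it is not exposed to interpreter-level timing variation the way a Python-level loop is, and it handles the length mismatch itself. Since the module presumably already imports `hmac` for `generate_token`, the comparison can become `if not hmac.compare_digest(token, expected_token): return False`, keeping the loop only as a fallback where that name is missing. The early `return False` on a length mismatch is acceptable because the expected token's length is determined by the digest and the timestamp rather than by the key, so it reveals nothing secret. One caveat worth a docstring line: `ord()` on the loop variables assumes `token` iterates as one-character strings, so a `bytes` value on Python 3 would yield ints and make `ord` raise. validate_token begins before this hunk, so the token parsing and docstring it would belong in are not visible here.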