From 9d182c6dd81e7d55df6ef7e3e334e2e245002fcb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9B=BE=E6=96=87=E9=94=8B0668000834?=
Date: Tue, 10 Mar 2026 19:30:17 +0800
Subject: [PATCH] fix(security): restore constant-time comparison bitwise operator

The bitwise & operator is intentional in constant_time_eq() to prevent timing side-channel attacks. Both comparisons must always execute to ensure constant-time behavior regardless of the first comparison result.

- Revert logical && back to bitwise &
- Add #[allow(clippy::needless_bitwise_bool)] annotation
- Add explanatory comment documenting the intentional use
---
 src/security/pairing.rs | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/security/pairing.rs b/src/security/pairing.rs
index 8be08cbe8..2906ad017 100644
--- a/src/security/pairing.rs
+++ b/src/security/pairing.rs
@@ -285,6 +285,7 @@ fn is_token_hash(value: &str) -> bool {
 ///
 /// Does not short-circuit on length mismatch — always iterates over the
 /// longer input to avoid leaking length information via timing.
+#[allow(clippy::needless_bitwise_bool)]
 pub fn constant_time_eq(a: &str, b: &str) -> bool {
     let a = a.as_bytes();
     let b = b.as_bytes();
@@ -301,7 +302,9 @@ pub fn constant_time_eq(a: &str, b: &str) -> bool {
         let y = *b.get(i).unwrap_or(&0);
         byte_diff |= x ^ y;
     }
-    (len_diff == 0) && (byte_diff == 0)
+    // Intentional use of bitwise & (not &&) to ensure constant-time execution
+    // and prevent timing side-channel attacks. Both comparisons must execute.
+    (len_diff == 0) & (byte_diff == 0)
 }
 
 /// Check if a host string represents a non-localhost bind address.
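Review bot: The `#[allow(clippy::needless_bitwise_bool)]` added in the first hunk is scoped to the whole of `constant_time_eq`, so any later accidental bitwise-on-bool elsewhere in the body is silenced too, and the attribute line itself carries no explanation of why the lint is being suppressed (the rationale only appears in the return expression's comment, which is the other hunk and may not be read together with this one). Narrow it to the one statement it protects and put the reason beside it: `// clippy: bitwise & on bools is deliberate here so both sides are always evaluated` followed by `#[allow(clippy::needless_bitwise_bool)]` on a `let equal = (len_diff == 0) & (byte_diff == 0);` statement, then return `equal`. It would also help to mention in the `///` doc block that the function is best-effort constant time rather than a hard guarantee. The body of `constant_time_eq` continues past the end of this hunk.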
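Review bot: The new comment on the return line of the second hunk claims more than `&` can deliver: bitwise `&` on two `bool`s only guarantees both operands are evaluated at the language level, while LLVM is free to compile `(len_diff == 0) & (byte_diff == 0)` to exactly the same branchy code as `&&` because neither operand has side effects, so "ensure constant-time execution" is not something this line establishes. If timing matters, fold the two values into one integer and compare once, e.g. `(usize::from(byte_diff) | len_diff) == 0` (assuming `byte_diff` is the `u8` accumulated from `x ^ y` and `len_diff` is a `usize`, both computed earlier in the function outside this hunk), optionally wrapped in `std::hint::black_box` to discourage the optimiser, or delegate to a vetted primitive such as `subtle::ConstantTimeEq` if the crate already depends on it. At minimum soften the comment to `// Bitwise & (not &&) so both operands are always evaluated; best-effort only — Rust makes no constant-time guarantee.` so the next maintainer does not treat this as a proven property. The signature of `constant_time_eq` and the loop that builds `byte_diff` start before this hunk.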