security: use constant-time comparison to prevent timing attack

boybundit · Jan 29, 2018 · 356b98c · 356b98c
1 parent 443e55b
commit 356b98c
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/lib/linebot.js b/lib/linebot.js
@@ -35,7 +35,7 @@ class LineBot extends EventEmitter {
       return false;
     }
     let res = 0;
-    for (let i = 0; i < Math.min(hash.length, signature.length); i++) {
+    for (let i = 0; i < hash.length; i++) {
       res |= (hash.charCodeAt(i) ^ signature.charCodeAt(i));
     }
     return res === 0;