diff svr-authpasswd.c @ 835:4095b6d7c9fc ecc

Merge in changes from the past couple of releases
author Matt Johnston <matt@ucc.asn.au>
date Fri, 18 Oct 2013 21:38:01 +0800
parents a625f9e135a4
children 50f8a24953e6
--- a/svr-authpasswd.c	Sat May 25 00:54:19 2013 +0800
+++ b/svr-authpasswd.c	Fri Oct 18 21:38:01 2013 +0800
@@ -33,6 +33,17 @@
 
 #ifdef ENABLE_SVR_PASSWORD_AUTH
 
+static int constant_time_strcmp(const char* a, const char* b) {
+	size_t la = strlen(a);
+	size_t lb = strlen(b);
+
+	if (la != lb) {
+		return 1;
+	}
+
+	return constant_time_memcmp(a, b, la);
+}
+
 /* Process a password auth request, sending success or failure messages as
  * appropriate */
 void svr_auth_password() {
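Review bot: `constant_time_strcmp` has no comment stating its contract, and two parts of it are not constant-time. `strlen()` walks each string to its terminator and the `la != lb` branch returns early, so the input lengths remain observable through timing. That looks acceptable for the values compared in the second hunk (`testcrypt` and `passwdcrypt`, presumably crypt() output whose length follows the hash scheme rather than the password), but the name invites reuse on inputs whose length is secret. I would add above the function: `/* Returns 0 if a and b are equal, non-zero otherwise (not an ordering). Only the byte comparison is constant-time; string lengths may leak. a and b must be non-NULL. */`.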
@@ -82,7 +93,7 @@
 		return;
 	}
 
-	if (strcmp(testcrypt, passwdcrypt) == 0) {
+	if (constant_time_strcmp(testcrypt, passwdcrypt) == 0) {
 		/* successful authentication */
 		dropbear_log(LOG_NOTICE, 
 				"Password auth succeeded for '%s' from %s",
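Review bot: `testcrypt` and `passwdcrypt` go straight into `constant_time_strcmp`, which calls `strlen()` on both, so a NULL in either is undefined behaviour (the replaced `strcmp` had the same exposure). Their assignments are outside this hunk, but if `testcrypt` is the return value of `crypt()`, that call can return NULL on failure, for example on a salt format the platform does not support. Unless an earlier check already covers it, I would add an `if (testcrypt == NULL)` guard before the comparison that logs and takes the normal authentication-failure path. The body of svr_auth_password starts and ends outside the hunk.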