changeset 1086:50f8a24953e6

note about constant_time_strcmp and lengths
author Matt Johnston <matt@ucc.asn.au>
date Wed, 03 Jun 2015 22:15:12 +0800
parents ad14e2e71190
children 1e486f368ec3
files svr-authpasswd.c
diffstat 1 files changed, 2 insertions(+), 0 deletions(-) [+]
--- a/svr-authpasswd.c	Wed Jun 03 21:45:32 2015 +0800
+++ b/svr-authpasswd.c	Wed Jun 03 22:15:12 2015 +0800
@@ -33,6 +33,8 @@
 
 #ifdef ENABLE_SVR_PASSWORD_AUTH
 
+/* not constant time when strings are differing lengths. 
+ string content isn't leaked, and crypt hashes are predictable length. */
 static int constant_time_strcmp(const char* a, const char* b) {
 	size_t la = strlen(a);
 	size_t lb = strlen(b);
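Review bot: The comment added above constant_time_strcmp names the limitation but does not turn it into a contract for callers: both lengths are taken with strlen() at the top of the function, so they are treated as public and the helper is only safe for values whose length is not secret. I would phrase it as a precondition, for example `/* Constant time only for equal-length inputs; the lengths of a and b are not protected. Use only on fixed-length values such as crypt() hashes, never on plaintext passwords. */`. The function body continues past the end of the hunk, so how a length mismatch is handled is inferred from the comment rather than seen here.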