summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRoy Marples <roy@marples.name>2019-04-19 21:40:14 +0100
committerRoy Marples <roy@marples.name>2019-04-19 21:40:14 +0100
commit7121040790b611ca3fbc400a1bbcd4364ef57233 (patch)
tree8a8fe409cabc4ae65de51282d69fdc0a0387d2de
parent4b67f6f1038fd4ad5ca7734eaaeba1b2ec4816b8 (diff)
auth: Use consttime_memequal(3) to compare hashes
This stops any attacker from trying to infer secrets from latency. Thanks to Maxime Villard <max@m00nbsd.net>
-rw-r--r--src/auth.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/auth.c b/src/auth.c
index 9e24998c..ce97051e 100644
--- a/src/auth.c
+++ b/src/auth.c
@@ -354,7 +354,7 @@ gottoken:
}
free(mm);
- if (memcmp(d, &hmac_code, dlen)) {
+ if (!consttime_memequal(d, &hmac_code, dlen)) {
errno = EPERM;
return NULL;
}