changeset 4460:130cd805b577 draft

auth: Use consttime_memequal(3) to compare hashes. This prevents an attacker from inferring secrets from the latency of the comparison. Thanks to Maxime Villard <max@m00nbsd.net>
author Roy Marples <roy@marples.name>
date Fri, 19 Apr 2019 21:40:14 +0100
parents 293fe50331c8
children e29dad61e98c
files src/auth.c
diffstat 1 files changed, 1 insertions(+), 1 deletions(-) [+]
--- a/src/auth.c	Fri Apr 19 21:00:19 2019 +0100
+++ b/src/auth.c	Fri Apr 19 21:40:14 2019 +0100
@@ -354,7 +354,7 @@
 	}
 
 	free(mm);
-	if (memcmp(d, &hmac_code, dlen)) {
+	if (!consttime_memequal(d, &hmac_code, dlen)) {
 		errno = EPERM;
 		return NULL;
 	}
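Review bot: The new call on the `consttime_memequal(d, &hmac_code, dlen)` line depends on a libc routine that not every platform ships, and the diffstat shows this commit touches only that one line, so no fallback or configure check arrives with it. Unless a compat shim already exists elsewhere in the tree, builds against a libc without the function would fail at link time. A constant-time fallback (for example one wrapping `timingsafe_bcmp` where that is available) would keep the hardening portable. It is also worth a short comment above the comparison so a later cleanup does not revert it, e.g. `/* Constant-time compare of the received MAC; do not replace with memcmp(3). */`. The enclosing function starts and ends outside this hunk, so whether `dlen` is checked against the size of `hmac_code` before this point cannot be confirmed from here.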