ClearML/dropbear
1
0
Fork 0
mirror of https://github.com/clearml/dropbear synced 2025-02-12 07:25:30 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

note about constant_time_strcmp and lengths

Browse Source
This commit is contained in:
Matt Johnston 2015-06-03 22:15:12 +08:00
parent 91df741926
commit 1fa1c3f9db
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
svr-authpasswd.c
View File

@ -33,6 +33,8 @@
#ifdef ENABLE_SVR_PASSWORD_AUTH #ifdef ENABLE_SVR_PASSWORD_AUTH
/* not constant time when strings are differing lengths.
string content isn't leaked, and crypt hashes are predictable length. */
static int constant_time_strcmp(const char* a, const char* b) { static int constant_time_strcmp(const char* a, const char* b) {
size_t la = strlen(a); size_t la = strlen(a);
size_t lb = strlen(b); size_t lb = strlen(b);