authorMatt Johnston <matt@ucc.asn.au>2015-06-03 22:15:12 +0800
committerMatt Johnston <matt@ucc.asn.au>2015-06-03 22:15:12 +0800
commit1fa1c3f9db61e11d18363140f167ca1627e2f6ed (patch)
tree09fb61ca7f315cdbcc37780e1fdd604211fc525e
parent91df741926323203725c2f0e812834865c7b2aba (diff)
note about constant_time_strcmp and lengths
-rw-r--r--svr-authpasswd.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/svr-authpasswd.c b/svr-authpasswd.c
index 7a5a121..0153a53 100644
--- a/svr-authpasswd.c
+++ b/svr-authpasswd.c
@@ -33,6 +33,8 @@
#ifdef ENABLE_SVR_PASSWORD_AUTH
+/* not constant time when strings are differing lengths.
+ string content isn't leaked, and crypt hashes are predictable length. */
static int constant_time_strcmp(const char* a, const char* b) {
size_t la = strlen(a);
size_t lb = strlen(b);
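Review bot: The comment added above `constant_time_strcmp` names the length caveat but not the caller contract that follows from it: the helper is only suitable where the lengths of both inputs are not secret, as with the crypt hashes it mentions. Because the function name reads as a general-purpose primitive, I would state that restriction outright, e.g. `/* Only for comparing crypt() output: timing depends on the lengths of a and b, so do not reuse for secrets whose length must stay hidden. */`. The two `strlen` calls visible here already take time proportional to each input, so the length dependence is presumably not limited to the mismatch case. The rest of the function body lies outside the hunk, so that last part is inferred.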