lib-auth: auth-scram-client - Always use str_equals_timing_almost_safe() instead...

author Stephan Bosch <stephan.bosch@open-xchange.com>

Sun, 5 Nov 2023 20:10:10 +0000 (21:10 +0100)

committer Stephan Bosch <stephan.bosch@open-xchange.com>

Fri, 17 Jan 2025 17:36:39 +0000 (18:36 +0100)
author Stephan Bosch <stephan.bosch@open-xchange.com>
Sun, 5 Nov 2023 20:10:10 +0000 (21:10 +0100)
committer Stephan Bosch <stephan.bosch@open-xchange.com>
Fri, 17 Jan 2025 17:36:39 +0000 (18:36 +0100)
diff --git a/src/lib-auth/auth-scram-client.c b/src/lib-auth/auth-scram-client.c

index a8060d8cb788e58653910e4afea59232cfb7512d..128096cf725df82708f4bfb16c10c655471bc87f 100644 (file)
--- a/src/lib-auth/auth-scram-client.c
+++ b/src/lib-auth/auth-scram-client.c
@@ -394,7 +394,7 @@ auth_scram_parse_server_final(struct auth_scram_client *client,
         safe_memset(client->server_signature, 0,
                     client->hmethod->digest_size);
  
-       bool equal = (strcmp(verifier, str_c(str)) == 0);
+       bool equal = str_equals_timing_almost_safe(verifier, str_c(str));
         str_clear_safe(str);
  
         if (!equal) {
author	Stephan Bosch <stephan.bosch@open-xchange.com>
	Sun, 5 Nov 2023 20:10:10 +0000 (21:10 +0100)
committer	Stephan Bosch <stephan.bosch@open-xchange.com>
	Fri, 17 Jan 2025 17:36:39 +0000 (18:36 +0100)