auth: Fix potential timing attack in verying crypt() results

Probably impractical attack in any case, but lets do this just to be extra
safe.

diff --git a/src/auth/password-scheme.c b/src/auth/password-scheme.c
index 24b38cfb772cdf654aba9e2b61c0bcd7df99508d..790813cf53d7e1a7a736c70ef97d0c1a5d9cc4ed 100644 (file)
--- a/src/auth/password-scheme.c
+++ b/src/auth/password-scheme.c
@@ -330,7 +330,7 @@ int crypt_verify(const char *plaintext, const struct password_generate_params *p
                return -1;
        }
 
-       return strcmp(crypted, password) == 0 ? 1 : 0;
+       return str_equals_timing_almost_safe(crypted, password) ? 1 : 0;
 }
 
 static int
@@ -345,7 +345,7 @@ md5_verify(const char *plaintext, const struct password_generate_params *params,
        if (str_begins(password, "$1$")) {
                /* MD5-CRYPT */
                str = password_generate_md5_crypt(plaintext, password);
-               return strcmp(str, password) == 0 ? 1 : 0;
+               return str_equals_timing_almost_safe(str, password) ? 1 : 0;
        } else if (password_decode(password, "PLAIN-MD5",
                                   &md5_password, &md5_size, &error) <= 0) {
                *error_r = "Not a valid MD5-CRYPT or PLAIN-MD5 password";
@@ -365,7 +365,7 @@ md5_crypt_verify(const char *plaintext, const struct password_generate_params *p
 
        password = t_strndup(raw_password, size);
        str = password_generate_md5_crypt(plaintext, password);
-       return strcmp(str, password) == 0 ? 1 : 0;
+       return str_equals_timing_almost_safe(str, password) ? 1 : 0;
 }
 
 static void