From: Stephan Bosch
Date: Sun, 5 Nov 2023 20:10:10 +0000 (+0100)
Subject: lib-auth: auth-scram-client - Always use str_equals_timing_almost_safe() instead...
X-Git-Tag: 2.4.0~31
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4da7565c7aff9e5206ef719b1bba00ce1bf43dbd;p=thirdparty%2Fdovecot%2Fcore.git
lib-auth: auth-scram-client - Always use str_equals_timing_almost_safe() instead of strcmp()
---
diff --git a/src/lib-auth/auth-scram-client.c b/src/lib-auth/auth-scram-client.c
index a8060d8cb7..128096cf72 100644
--- a/src/lib-auth/auth-scram-client.c
+++ b/src/lib-auth/auth-scram-client.c
@@ -394,7 +394,7 @@ auth_scram_parse_server_final(struct auth_scram_client *client,
 safe_memset(client->server_signature, 0, client->hmethod->digest_size);
- bool equal = (strcmp(verifier, str_c(str)) == 0);
+ bool equal = str_equals_timing_almost_safe(verifier, str_c(str));
 str_clear_safe(str);
 if (!equal) {
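Review bot: The new `bool equal = str_equals_timing_almost_safe(verifier, str_c(str));` line has no comment saying why a timing-safe compare is needed here or what the "almost" in the helper's name leaves uncovered. Going by that name, the helper presumably still lets the input length influence timing. That looks harmless at this site, because `str` appears to be derived from `client->server_signature` of `client->hmethod->digest_size` bytes and so has a fixed length, but the reasoning should be recorded next to the call. I would add `/* Compare without early exit so timing does not reveal how much of the expected server signature matched; its length is fixed by the hash and is not secret. */` above the line. The body of auth_scram_parse_server_final() starts and ends outside this hunk, so how `verifier` is parsed and validated before this point cannot be confirmed from here.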