EAP-GTC: Use os_memcmp_const() for hash/password comparisons
authorJouni Malinen <j@w1.fi>
Sun, 29 Jun 2014 17:26:25 +0000 (20:26 +0300)
committerJouni Malinen <j@w1.fi>
Wed, 2 Jul 2014 09:38:48 +0000 (12:38 +0300)
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.

Signed-off-by: Jouni Malinen <j@w1.fi>
src/eap_server/eap_server_gtc.c

index f423106bfc9c861480f8055191b54f231cab7a2e..98ac3c6ec49585043269283bfada465bd8cd82a8 100644 (file)
@@ -175,7 +175,7 @@ static void eap_gtc_process(struct eap_sm *sm, void *priv,
        }
 
        if (rlen != sm->user->password_len ||
-           os_memcmp(pos, sm->user->password, rlen) != 0) {
+           os_memcmp_const(pos, sm->user->password, rlen) != 0) {
                wpa_printf(MSG_DEBUG, "EAP-GTC: Done - Failure");
                data->state = FAILURE;
        } else {
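Review bot: The length test `rlen != sm->user->password_len` still short-circuits before `os_memcmp_const()` runs, so timing can still separate a wrong-length response from a right-length one; this change hardens only the byte comparison. Password length is far less sensitive than content, so this is likely acceptable, but it should be written down so the check is not read as fully timing-independent. I would add above the `if`: `/* Length is compared first and is not constant-time; only the byte comparison below is. */`. The body of eap_gtc_process starts and ends outside this hunk, so whether other comparisons of received data in the function need the same treatment cannot be judged from here.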