]> git.ipfire.org Git - thirdparty/dovecot/core.git/commitdiff
projects / thirdparty / dovecot / core.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 49a0567)
lib-auth: crypt_verify_blowfish() - use str_equals_timing_almost_safe() instad of...
authorMarco Bettini <marco.bettini@open-xchange.com>
Wed, 7 Jan 2026 16:54:57 +0000 (16:54 +0000)
committeraki.tuomi <aki.tuomi@open-xchange.com>
Thu, 8 Jan 2026 09:08:53 +0000 (09:08 +0000)
src/lib-auth/password-scheme-crypt.c patch | blob | blame | history

diff --git a/src/lib-auth/password-scheme-crypt.c b/src/lib-auth/password-scheme-crypt.c
index e1de1c5047f6d99dc7bb0cb4b654e878561aa1d7..d418b194c793cbd34a945208f99713cbbb100618 100644 (file)
--- a/src/lib-auth/password-scheme-crypt.c
+++ b/src/lib-auth/password-scheme-crypt.c
@@ -130,7 +130,7 @@ crypt_verify_blowfish(const char *plaintext, const struct password_generate_para
                return -1;
        }
 
-       return strcmp(crypted, password) == 0 ? 1 : 0;
+       return str_equals_timing_almost_safe(crypted, password) ? 1 : 0;
 }
 
 static void
Mirror of https://github.com/dovecot/core.git