Use rad_digest_cmp() to avoid timing attacks

author Alan T. DeKok <aland@freeradius.org>

Wed, 23 Feb 2011 10:01:17 +0000 (11:01 +0100)

committer Alan T. DeKok <aland@freeradius.org>

Wed, 23 Feb 2011 10:01:17 +0000 (11:01 +0100)
author Alan T. DeKok <aland@freeradius.org>
Wed, 23 Feb 2011 10:01:17 +0000 (11:01 +0100)
committer Alan T. DeKok <aland@freeradius.org>
Wed, 23 Feb 2011 10:01:17 +0000 (11:01 +0100)
diff --git a/src/modules/rlm_mschap/rlm_mschap.c b/src/modules/rlm_mschap/rlm_mschap.c

index be8908d9c8ad7e2e76317aafed73fe13ef0002f3..c512018f6cc13684c56085fc89db78ca11282693 100644 (file)
--- a/src/modules/rlm_mschap/rlm_mschap.c
+++ b/src/modules/rlm_mschap/rlm_mschap.c
@@ -673,7 +673,7 @@ static int do_mschap(rlm_mschap_t *inst,
                 }
  
                 smbdes_mschap(password->vp_strvalue, challenge, calculated);
-               if (memcmp(response, calculated, 24) != 0) {
+               if (rad_digest_cmp(response, calculated, 24) != 0) {
                         return -1;
                 }
author	Alan T. DeKok <aland@freeradius.org>
	Wed, 23 Feb 2011 10:01:17 +0000 (11:01 +0100)
committer	Alan T. DeKok <aland@freeradius.org>
	Wed, 23 Feb 2011 10:01:17 +0000 (11:01 +0100)