From: Timo Sirainen <timo.sirainen@open-xchange.com>
Date: Wed, 25 Mar 2020 08:43:33 +0000 (+0200)
Subject: lib-imap-urlauth: Fix potential timing attack in verifying the token
X-Git-Tag: 2.3.11.2~350
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7c4a29632445540091f1d560fe94fd628e8e8446;p=thirdparty%2Fdovecot%2Fcore.git

lib-imap-urlauth: Fix potential timing attack in verifying the token
---

diff --git a/src/lib-imap-urlauth/imap-urlauth.c b/src/lib-imap-urlauth/imap-urlauth.c
index 58e2810650..a9c2673024 100644
--- a/src/lib-imap-urlauth/imap-urlauth.c
+++ b/src/lib-imap-urlauth/imap-urlauth.c
@@ -112,10 +112,11 @@ imap_urlauth_internal_verify(const char *rumpurl,
 
 	valtoken = imap_urlauth_internal_generate(rumpurl, mailbox_key,
 						  &valtoken_len);
+	/* Note: the token length has timing leak here in any case */
 	if (token_len != valtoken_len)
 		return FALSE;
 
-	return memcmp(token, valtoken, valtoken_len) == 0;
+	return mem_equals_timing_safe(token, valtoken, valtoken_len);
 }
 
 static bool