From: Alan T. DeKok
Date: Wed, 23 Feb 2011 10:01:17 +0000 (+0100)
Subject: Use rad_digest_cmp() to avoid timing attacks
X-Git-Tag: release_2_1_11~109
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fcdfad0c63dafb88b0efe257df735e1718d69a58;p=thirdparty%2Ffreeradius-server.git
Use rad_digest_cmp() to avoid timing attacks
---
diff --git a/src/modules/rlm_mschap/rlm_mschap.c b/src/modules/rlm_mschap/rlm_mschap.c
index be8908d9c8a..c512018f6cc 100644
--- a/src/modules/rlm_mschap/rlm_mschap.c
+++ b/src/modules/rlm_mschap/rlm_mschap.c
@@ -673,7 +673,7 @@ static int do_mschap(rlm_mschap_t *inst,
 }
 smbdes_mschap(password->vp_strvalue, challenge, calculated);
- if (memcmp(response, calculated, 24) != 0) {
+ if (rad_digest_cmp(response, calculated, 24) != 0) {
 return -1;
 }
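Review bot: The new `rad_digest_cmp(response, calculated, 24)` call in do_mschap has no comment saying why it is not `memcmp`, so a later cleanup could quietly swap it back. I would add `/* constant-time compare: response presumably comes from the client, do not replace with memcmp() */` directly above the `if`. The literal `24` is repeated from the old line; a named length constant shared with the declaration of `calculated` (not visible in this hunk) would keep the compare length and the buffer size from drifting apart. The result is tested only against zero, which matches how a digest-equality helper should be used. do_mschap begins and ends outside the hunk, so any other secret-dependent comparisons in it cannot be checked from here.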