]> git.ipfire.org Git - thirdparty/openvpn.git/commit
projects / thirdparty / openvpn.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7c66a6d) | patch
Make management password check constant time
authorArne Schwabe <arne@rfc2549.org>
Tue, 20 Dec 2022 14:04:58 +0000 (15:04 +0100)
committerGert Doering <gert@greenie.muc.de>
Tue, 20 Dec 2022 15:19:34 +0000 (16:19 +0100)
commite567f34262b0670fd51cbbcb6c6866b046454cee
tree39aeeaa4bc8e58207b0dd829986b1f0d421e0d98tree
parent7c66a6dab54d8efcde57c8fb562f95d95f9b18d4commit | diff
Make management password check constant time

This changes the password check on the management interface to be constant
time. Normally the management port should not be exposed in a way that
allows an attacker to even interact with it but making the check constant
time as an additional layer of security is always good.

Patch v2: include NUL byte in comparison

Reported-by: Connor Edwards <cedw@pm.me>
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20221220140458.2666637-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg25784.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
src/openvpn/manage.c diff | blob | blame | history
Mirror of https://github.com/OpenVPN/openvpn.git