diff options
| author | Mattias Andrée <m@maandree.se> | 2026-02-28 14:19:12 +0100 |
|---|---|---|
| committer | Mattias Andrée <m@maandree.se> | 2026-02-28 14:19:12 +0100 |
| commit | 6c770da67a14833e5202898360167c33d0b7eb18 (patch) | |
| tree | 0e8402d791eb08f22a1185f59e54df62e77f38ba | |
| parent | m fixes (diff) | |
| download | asroot-6c770da67a14833e5202898360167c33d0b7eb18.tar.gz asroot-6c770da67a14833e5202898360167c33d0b7eb18.tar.bz2 asroot-6c770da67a14833e5202898360167c33d0b7eb18.tar.xz | |
Signed-off-by: Mattias Andrée <m@maandree.se>
| -rw-r--r-- | asroot.c | 13 |
1 files changed, 12 insertions, 1 deletions
@@ -128,6 +128,17 @@ read_passphrase(int fd) #endif +static int +consttime_streq(const char *a, const char *b) +{ + size_t i; + int ret = 1; + for (i = 0; a[i] && b[i]; i++) + ret &= a[i] == b[i]; + return ret & !a[i] && !b[i]; +} + + static void check_password(void) { @@ -257,7 +268,7 @@ again: #endif free(passphrase); - if (strcmp(got, expected)) { + if (!consttime_streq(got, expected)) { fprintf(stderr, "%s: incorrect password, please try again\n", argv0); #if RETRY_SLEEP > 0 tcsetattr(fd, TCSAFLUSH, &stty_sleep); |
