diff options
| author | Mattias Andrée <m@maandree.se> | 2026-02-28 14:19:22 +0100 |
|---|---|---|
| committer | Mattias Andrée <m@maandree.se> | 2026-02-28 14:19:22 +0100 |
| commit | 3ec75cb8fe8426e66aabb3193bcbcdfade5c4546 (patch) | |
| tree | b8357bb0a677c4e8618ac43c516790f0c3f3512f /gasroot-setuid.c | |
| parent | m fixes (diff) | |
| download | gasroot-1.0.2.tar.gz gasroot-1.0.2.tar.bz2 gasroot-1.0.2.tar.xz | |
Signed-off-by: Mattias Andrée <m@maandree.se>
Diffstat (limited to '')
| -rw-r--r-- | gasroot-setuid.c | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/gasroot-setuid.c b/gasroot-setuid.c index ca0b6c6..b970e19 100644 --- a/gasroot-setuid.c +++ b/gasroot-setuid.c @@ -204,6 +204,17 @@ recvtext(int fd, char **bufp, size_t *sizep) } +static int +consttime_streq(const char *a, const char *b) +{ + size_t i; + int ret = 1; + for (i = 0; a[i] && b[i]; i++) + ret &= a[i] == b[i]; + return ret & !a[i] && !b[i]; +} + + int main(int argc, char *argv[]) { @@ -230,7 +241,7 @@ main(int argc, char *argv[]) sendtext(fd, "HELLO"); for (;;) { recvtext(fd, &passphrase, &passphrase_size); - if (!strcmp(crypt(passphrase, expected), expected)) + if (consttime_streq(crypt(passphrase, expected), expected)) break; wipe(passphrase); #if RETRY_SLEEP > 0 |