From 3ec75cb8fe8426e66aabb3193bcbcdfade5c4546 Mon Sep 17 00:00:00 2001
From: Mattias Andrée <m@maandree.se>
Date: Sat, 28 Feb 2026 14:19:22 +0100
Subject: Use constant-time string comparision for password hash checking
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Mattias Andrée <m@maandree.se>
---
 gasroot-setuid.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

(limited to 'gasroot-setuid.c')

diff --git a/gasroot-setuid.c b/gasroot-setuid.c
index ca0b6c6..b970e19 100644
--- a/gasroot-setuid.c
+++ b/gasroot-setuid.c
@@ -204,6 +204,17 @@ recvtext(int fd, char **bufp, size_t *sizep)
 }
 
 
+static int
+consttime_streq(const char *a, const char *b)
+{
+	size_t i;
+	int ret = 1;
+	for (i = 0; a[i] && b[i]; i++)
+		ret &= a[i] == b[i];
+	return ret & !a[i] && !b[i];
+}
+
+
 int
 main(int argc, char *argv[])
 {
@@ -230,7 +241,7 @@ main(int argc, char *argv[])
 	sendtext(fd, "HELLO");
 	for (;;) {
 		recvtext(fd, &passphrase, &passphrase_size);
-		if (!strcmp(crypt(passphrase, expected), expected))
+		if (consttime_streq(crypt(passphrase, expected), expected))
 			break;
 		wipe(passphrase);
 #if RETRY_SLEEP > 0
-- 
cgit v1.2.3-70-g09d2