Source-Changes-HG archive


[src/trunk]: src/usr.bin/su su: Use consttime_memequal instead of strcmp.



details:   https://anonhg.NetBSD.org/src/rev/e89888e44214
branches:  trunk
changeset: 989860:e89888e44214
user:      nia <nia%NetBSD.org@localhost>
date:      Sun Oct 17 10:33:57 2021 +0000

description:
su: Use consttime_memequal instead of strcmp.

This only affects the non-PAM case.

diffstat:

 usr.bin/su/su.c |  7 ++++---
 1 files changed, 4 insertions(+), 3 deletions(-)

diffs (28 lines):

diff -r ee525f08b97d -r e89888e44214 usr.bin/su/su.c
--- a/usr.bin/su/su.c   Sun Oct 17 08:47:21 2021 +0000
+++ b/usr.bin/su/su.c   Sun Oct 17 10:33:57 2021 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: su.c,v 1.72 2015/06/16 22:54:11 christos Exp $ */
+/*     $NetBSD: su.c,v 1.73 2021/10/17 10:33:57 nia Exp $      */
 
 /*
  * Copyright (c) 1988 The Regents of the University of California.
@@ -39,7 +39,7 @@
 #if 0
 static char sccsid[] = "@(#)su.c       8.3 (Berkeley) 4/2/94";*/
 #else
-__RCSID("$NetBSD: su.c,v 1.72 2015/06/16 22:54:11 christos Exp $");
+__RCSID("$NetBSD: su.c,v 1.73 2021/10/17 10:33:57 nia Exp $");
 #endif
 #endif /* not lint */
 
@@ -285,7 +285,8 @@
 
                        } else
 #endif
-                       if (strcmp(pass, crypt(p, pass)) != 0) {
+                       if (consttime_memequal(pass,
+                           crypt(p, pass), strlen(pass)) == 0) {
 #ifdef SKEY
  badlogin:
 #endif
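
Review bot: The length argument in `consttime_memequal(pass, crypt(p, pass), strlen(pass))` covers only strlen(pass) bytes, so the terminating NUL that strcmp used to compare is no longer part of the check. A crypt() result that is longer than pass but shares its first strlen(pass) bytes is accepted, a shorter result has bytes beyond its terminator read, and an empty pass compares equal for any input unless that case is rejected before this point (not visible in this hunk). The crypt() return value is also passed in unchecked, as it was with strcmp, so a NULL return on failure would be dereferenced. Suggest storing the crypt() result in a local, treating NULL as a failed login, and requiring strlen() of both strings to match before the constant-time comparison.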


