Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/usr.bin/su su: Use consttime_memequal instead of strcmp.
details: https://anonhg.NetBSD.org/src/rev/3a6f371a6749
branches: trunk
changeset: 1024296:3a6f371a6749
user: nia <nia%NetBSD.org@localhost>
date: Sun Oct 17 10:33:57 2021 +0000
description:
su: Use consttime_memequal instead of strcmp.
This only affects the non-PAM case.
diffstat:
usr.bin/su/su.c | 7 ++++---
1 files changed, 4 insertions(+), 3 deletions(-)
diffs (28 lines):
diff -r dde16d45d6db -r 3a6f371a6749 usr.bin/su/su.c
--- a/usr.bin/su/su.c Sun Oct 17 08:47:21 2021 +0000
+++ b/usr.bin/su/su.c Sun Oct 17 10:33:57 2021 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: su.c,v 1.72 2015/06/16 22:54:11 christos Exp $ */
+/* $NetBSD: su.c,v 1.73 2021/10/17 10:33:57 nia Exp $ */
/*
* Copyright (c) 1988 The Regents of the University of California.
@@ -39,7 +39,7 @@
#if 0
static char sccsid[] = "@(#)su.c 8.3 (Berkeley) 4/2/94";*/
#else
-__RCSID("$NetBSD: su.c,v 1.72 2015/06/16 22:54:11 christos Exp $");
+__RCSID("$NetBSD: su.c,v 1.73 2021/10/17 10:33:57 nia Exp $");
#endif
#endif /* not lint */
@@ -285,7 +285,8 @@
} else
#endif
- if (strcmp(pass, crypt(p, pass)) != 0) {
+ if (consttime_memequal(pass,
+ crypt(p, pass), strlen(pass)) == 0) {
#ifdef SKEY
badlogin:
#endif
Home |
Main Index |
Thread Index |
Old Index