diff options
author | David Carlier <devnexen@gmail.com> | 2019-12-06 11:12:16 +0000 |
---|---|---|
committer | dormando <dormando@rydia.net> | 2020-01-13 17:38:48 -0800 |
commit | 81d6ddce19e40093d952bb9d0dcd8b00af09d476 (patch) | |
tree | 999547d6682d143a1671bf43a8b4018aafeb4b45 /util.c | |
parent | 6beabdff0ac3b487413f7e8bde3bb7a0c659b17e (diff) | |
download | memcached-81d6ddce19e40093d952bb9d0dcd8b00af09d476.tar.gz |
auth file, using alternative bcmp implementation
... instead to
check the token. less optimised than the usual memcmp especially
it goes through the whole buffers but more resilient against possible
attacks.
While at it, constifying a var which should have been.
Diffstat (limited to 'util.c')
-rw-r--r-- | util.c | 17 |
1 files changed, 17 insertions, 0 deletions
@@ -203,6 +203,23 @@ bool safe_strcpy(char *dst, const char *src, const size_t dstmax) { } } +bool safe_memcmp(const void *a, const void *b, size_t len) { + const volatile unsigned char *ua = (const volatile unsigned char *)a; + const volatile unsigned char *ub = (const volatile unsigned char *)b; + int delta = 0; + size_t x; + + for (x = 0; x < len; x++) { + delta |= ua[x] ^ ub[x]; + } + + if (delta == 0) { + return true; + } else { + return false; + } +} + void vperror(const char *fmt, ...) { int old_errno = errno; char buf[1024]; |