auth file, using alternative bcmp implementation

... instead to check the token. less optimised than the usual memcmp especially it goes through the whole buffers but more resilient against possible attacks. While at it, constifying a var which should have been.
author: David Carlier <devnexen@gmail.com> 2019-12-06 11:12:16 +0000
committer: dormando <dormando@rydia.net> 2020-01-13 17:38:48 -0800
commit: 81d6ddce19e40093d952bb9d0dcd8b00af09d476 (patch)
tree: 999547d6682d143a1671bf43a8b4018aafeb4b45 /util.c
parent: 6beabdff0ac3b487413f7e8bde3bb7a0c659b17e (diff)
download: memcached-81d6ddce19e40093d952bb9d0dcd8b00af09d476.tar.gz
1 files changed, 17 insertions, 0 deletions
diff --git a/util.c b/util.c
index adf0f1d..5072ae1 100644
--- a/util.c
+++ b/util.c
@@ -203,6 +203,23 @@ bool safe_strcpy(char *dst, const char *src, const size_t dstmax) {
    }
 }
 
+bool safe_memcmp(const void *a, const void *b, size_t len) {
+    const volatile unsigned char *ua = (const volatile unsigned char *)a;
+    const volatile unsigned char *ub = (const volatile unsigned char *)b;
+    int delta = 0;
+    size_t x;
+
+    for (x = 0; x < len; x++) {
+        delta |= ua[x] ^ ub[x];
+    }
+
+    if (delta == 0) {
+        return true;
+    } else {
+        return false;
+    }
+}
+
 void vperror(const char *fmt, ...) {
     int old_errno = errno;
     char buf[1024];
author	David Carlier <devnexen@gmail.com>	2019-12-06 11:12:16 +0000
committer	dormando <dormando@rydia.net>	2020-01-13 17:38:48 -0800
commit	81d6ddce19e40093d952bb9d0dcd8b00af09d476 (patch)
tree	999547d6682d143a1671bf43a8b4018aafeb4b45 /util.c
parent	6beabdff0ac3b487413f7e8bde3bb7a0c659b17e (diff)
download	memcached-81d6ddce19e40093d952bb9d0dcd8b00af09d476.tar.gz