Skip to content

Commit

Permalink
ppp: use constant-time memcmp for checking credentials
Browse files Browse the repository at this point in the history 
See #65119
  • Loading branch information
@goldsimon
goldsimon committed Jan 9, 2024
1 parent 25de99d commit c167a54
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions src/netif/ppp/auth.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1012,8 +1012,8 @@ int auth_check_passwd(ppp_pcb *pcb, char *auser, unsigned int userlen, char *apa
secretpasswdlen = strlen(pcb->settings.passwd);
if (secretuserlen == userlen
&& secretpasswdlen == passwdlen
&& !memcmp(auser, pcb->settings.user, userlen)
&& !memcmp(apasswd, pcb->settings.passwd, passwdlen) ) {
&& !lwip_memcmp_consttime(auser, pcb->settings.user, userlen)
&& !lwip_memcmp_consttime(apasswd, pcb->settings.passwd, passwdlen) ) {
*msg = "Login ok";
*msglen = sizeof("Login ok")-1;
return 1;
Expand Down

0 comments on commit c167a54

Please sign in to comment.