WEP shared key: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing information to potential attackers from comparisons of information received from a remote device and private material known only by the authorized devices. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
3e4b77c9bd
commit
34ef46ce54
1 changed files with 2 additions and 1 deletions
|
@ -236,7 +236,8 @@ static u16 auth_shared_key(struct hostapd_data *hapd, struct sta_info *sta,
|
||||||
|
|
||||||
/* Transaction 3 */
|
/* Transaction 3 */
|
||||||
if (!iswep || !sta->challenge || !challenge ||
|
if (!iswep || !sta->challenge || !challenge ||
|
||||||
os_memcmp(sta->challenge, challenge, WLAN_AUTH_CHALLENGE_LEN)) {
|
os_memcmp_const(sta->challenge, challenge,
|
||||||
|
WLAN_AUTH_CHALLENGE_LEN)) {
|
||||||
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
|
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
|
||||||
HOSTAPD_LEVEL_INFO,
|
HOSTAPD_LEVEL_INFO,
|
||||||
"shared key authentication - invalid "
|
"shared key authentication - invalid "
|
||||||
|
|
Loading…
Reference in a new issue