DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

EAP-MD5: Use os_memcmp_const() for hash/password comparisons

Browse source 
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2014-06-29 20:24:41 +03:00
parent 4685482552
commit a564d9ca36
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/eap_server/eap_server_md5.c
View file

@ -126,7 +126,7 @@ static void eap_md5_process(struct eap_sm *sm, void *priv,
return; return;
} }
if (os_memcmp(hash, pos, CHAP_MD5_LEN) == 0) { if (os_memcmp_const(hash, pos, CHAP_MD5_LEN) == 0) {
wpa_printf(MSG_DEBUG, "EAP-MD5: Done - Success"); wpa_printf(MSG_DEBUG, "EAP-MD5: Done - Success");
data->state = SUCCESS; data->state = SUCCESS;
} else { } else {