Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

EAP-GTC: Use os_memcmp_const() for hash/password comparisons

This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.

Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen 10 years ago
parent
a6eae3f7a1
commit
3e4b77c9bd
1 changed files with 1 additions and 1 deletions
Split View Show Diff Stats
  1. 1 1
      src/eap_server/eap_server_gtc.c

+ 1 - 1
src/eap_server/eap_server_gtc.c
View File 

@@ -175,7 +175,7 @@ static void eap_gtc_process(struct eap_sm *sm, void *priv,
 
 	}
 
 
 	if (rlen != sm->user->password_len ||
 
-	    os_memcmp(pos, sm->user->password, rlen) != 0) {
 
+	    os_memcmp_const(pos, sm->user->password, rlen) != 0) {
 
 		wpa_printf(MSG_DEBUG, "EAP-GTC: Done - Failure");
 
 		data->state = FAILURE;
 
 	} else {