Bean wrote:
> On Tue, Nov 10, 2009 at 2:25 AM, Robert Millan <r...@aybabtu.com> wrote:
>   
>> On Mon, Nov 09, 2009 at 07:15:48PM +0100, Vladimir 'phcoder' Serbinenko wrote:
>>     
>>> Robert Millan wrote:
>>>       
>>>> Actually, modern CPUs are very complex and the number of operations (or
>>>> time taken by them) isn't easy to predict.
>>>>
>>>>
>>>>         
>>> It's generally a good practice to do exactly the same operations
>>> independently of the result; just store the result in a separate
>>> variable. It's how RSA is correctly implemented.
>>>
>>>   for (n = grub_strlen (s1); n >= 0; n--)
>>>   {
>>>     if (*s1 != *s2)
>>>       ret |= 1;
>>>     else
>>>       ret |= 0;
>>>       
>> Uhm I didn't check, but I'd suspect -Os would optimize this out.
>>
>> Anyhow, if we move the fixed time wait to the outer loop, it should no
>> longer be a problem.
>>
>> We could also check the approach taken by e.g. su from coreutils.
>>     
>
> Hi,
>
> How about this one:
>
> int
> grub_auth_strcmp (const char *s1, const char *s2)
> {
>   int result = 0;
>
>   for (; *s1 != 0; s1++, s2++)
>     result += (*s1 != *s2);
>
>   return (result != 0);
> }
>
>
>   
Welcome to the club: try it with
"abc", "abcdef"
They will match :(. Exactly the same problem as with my code but I like
the approach. Perhaps:

int
grub_auth_strcmp (const char *s1, const char *s2)
{
  int result = 0;

  for (; *s1 != 0; s1++, s2++)
    result += (*s1 != *s2);

  return !(result == 0 && *s2 == 0);
}




-- 
Regards
Vladimir 'phcoder' Serbinenko



_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/grub-devel
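
Added example, not part of the original thread and not GRUB's code: the last version posted above still advances `s2` on every iteration, so when `s1` is longer than `s2` it reads past `s2`'s terminator. The sketch below keeps the same accumulate-then-decide approach but stops the second index at the NUL. The function names and sample strings are assumptions made for illustration.

```c
#include <stdio.h>
#include <stddef.h>

/* First version quoted in the thread, kept for contrast: it walks only s1,
   so "abc" against "abcdef" returns 0 (match). */
int auth_strcmp_prefix_bug (const char *s1, const char *s2)
{
  int result = 0;

  for (; *s1 != 0; s1++, s2++)
    result += (*s1 != *s2);
  return (result != 0);
}

/* Hypothetical variant (added example). Returns 0 on match, 1 otherwise.
   The loop runs once per byte of `entered`, whatever `stored` contains,
   and the index into `stored` stops advancing at its NUL, so `stored` is
   never read past its terminator. */
int auth_strcmp_bounded (const char *entered, const char *stored)
{
  unsigned int diff = 0;
  size_t i, j = 0;

  for (i = 0; entered[i] != 0; i++)
    {
      diff |= (unsigned char) entered[i] ^ (unsigned char) stored[j];
      j += (stored[j] != 0);	/* stay on the terminator once reached */
    }
  diff |= (unsigned char) stored[j];	/* nonzero if `stored` is longer */
  return diff != 0;
}

int main (void)
{
  /* Constructed sample inputs. */
  printf ("prefix bug, abc vs abcdef: %d\n",
	  auth_strcmp_prefix_bug ("abc", "abcdef"));
  printf ("bounded,    abc vs abcdef: %d\n",
	  auth_strcmp_bounded ("abc", "abcdef"));
  printf ("bounded,    abcdef vs abc: %d\n",
	  auth_strcmp_bounded ("abcdef", "abc"));
  printf ("bounded,    abc vs abc:    %d\n",
	  auth_strcmp_bounded ("abc", "abc"));
  return 0;
}
```

As raised earlier in the thread, the compiler may restructure such a loop, so the generated code should be inspected at the optimization level actually used.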