On Tue, Nov 10, 2009 at 2:46 AM, Vladimir 'phcoder' Serbinenko <phco...@gmail.com> wrote: > Bean wrote: >> On Tue, Nov 10, 2009 at 2:25 AM, Robert Millan <r...@aybabtu.com> wrote: >> >>> On Mon, Nov 09, 2009 at 07:15:48PM +0100, Vladimir 'phcoder' Serbinenko >>> wrote: >>> >>>> Robert Millan wrote: >>>> >>>>> Actually, modern CPUs are very complex and the number of operations (or >>>>> time taken by them) isn't easy to predict. >>>>> >>>>> >>>>> >>>> It's generally a good practice to do exactly same operations >>>> independently of result just store the result in a separate variable >>>> it's how RSA is correctly implemented >>>> >>>> for (n = grub_strlen (s1); n >= 0; n--) >>>> { >>>> if (*s1 != *s2) >>>> ret |= 1; >>>> else >>>> ret |= 0; >>>> >>> Uhm I didn't check, but I'd suspect -Os would optimize this out. >>> >>> Anyhow, if we move the fixed time wait to the outer loop, it should no >>> longer be a problem. >>> >>> We could also check the approach taken by e.g. su from coreutils. >>> >> >> Hi, >> >> How about this one: >> >> int >> grub_auth_strcmp (const char *s1, const char *s2) >> { >> int result = 0; >> >> for (; *s1 != 0; s1++, s2++) >> result += (*s1 != *s2); >> >> return (result != 0); >> } >> >> >> > Welcome to club: try it with > "abc", "abcdef" > They will match :(. Exactly the same problem as with my code but I like > the approach. Perhaps: > > int > grub_auth_strcmp (const char *s1, const char *s2) > { > int result = 0; > > for (; *s1 != 0; s1++, s2++) > result += (*s1 != *s2); > > return !(result == 0 && *s2 == 0); > }
Hi, This one work: int auth_strcmp (const char *s1, const char *s2) { int result = 0; while (1) { result += (*s1 != *s2); if (*s1 == 0) break; s1++; s2++; } return (result != 0); } The trick is to compare the ending '\0' as well, so that partial match is not satisfied. -- Bean My repository: https://launchpad.net/burg Document: https://help.ubuntu.com/community/Burg _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org http://lists.gnu.org/mailman/listinfo/grub-devel