Module Name: src
Committed By: nia
Date: Sun Oct 17 10:33:57 UTC 2021
Modified Files:
src/usr.bin/su: su.c
Log Message:
su: Use consttime_memequal instead of strcmp.
This only affects the non-PAM case.
To generate a diff of this commit:
cvs rdiff -u -r1.72 -r1.73 src/usr.bin/su/su.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/usr.bin/su/su.c
diff -u src/usr.bin/su/su.c:1.72 src/usr.bin/su/su.c:1.73
--- src/usr.bin/su/su.c:1.72 Tue Jun 16 22:54:11 2015
+++ src/usr.bin/su/su.c Sun Oct 17 10:33:57 2021
@@ -1,4 +1,4 @@
-/* $NetBSD: su.c,v 1.72 2015/06/16 22:54:11 christos Exp $ */
+/* $NetBSD: su.c,v 1.73 2021/10/17 10:33:57 nia Exp $ */
/*
* Copyright (c) 1988 The Regents of the University of California.
@@ -39,7 +39,7 @@ __COPYRIGHT("@(#) Copyright (c) 1988\
#if 0
static char sccsid[] = "@(#)su.c 8.3 (Berkeley) 4/2/94";*/
#else
-__RCSID("$NetBSD: su.c,v 1.72 2015/06/16 22:54:11 christos Exp $");
+__RCSID("$NetBSD: su.c,v 1.73 2021/10/17 10:33:57 nia Exp $");
#endif
#endif /* not lint */
@@ -285,7 +285,8 @@ main(int argc, char **argv)
} else
#endif
- if (strcmp(pass, crypt(p, pass)) != 0) {
+ if (consttime_memequal(pass,
+ crypt(p, pass), strlen(pass)) == 0) {
#ifdef SKEY
badlogin:
#endif
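Review bot: The new test `consttime_memequal(pass, crypt(p, pass), strlen(pass)) == 0` takes its length from the stored hash alone, so unlike strcmp() it no longer checks that both strings end at the same place. A crypt() result longer than `pass` matches on its prefix, a shorter one is read past its terminator, and a zero-length `pass` would compare equal to anything (whether an empty hash can reach this line depends on checks outside the hunk). The crypt() result is also used unchecked, and crypt(3) may return NULL on failure; that was already true of the strcmp() version. I would keep the result in a local, e.g. `enc = crypt(p, pass)`, and make the condition `enc == NULL || strlen(enc) != strlen(pass) || consttime_memequal(pass, enc, strlen(pass)) == 0`; the length test reveals only the hash length, which is normally fixed by the hash scheme rather than by the password. main() starts and ends outside the hunk, so the declaration of `enc` would go with the other locals there.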