diff options
| author | 2014-06-28 18:27:51 +0200 | |
|---|---|---|
| committer | 2014-06-28 18:27:51 +0200 | |
| commit | c1cc5cf147babcd834ba0dbbdd4b1c1d4ae010b6 (patch) | |
| tree | 3abb61ec559f392aef92c134e02bca950e68184d /src/modules | |
| parent | Add InspIRCd::TimingSafeCompare() function that compares strings in a timing-... (diff) | |
| download | inspircd++-c1cc5cf147babcd834ba0dbbdd4b1c1d4ae010b6.tar.gz inspircd++-c1cc5cf147babcd834ba0dbbdd4b1c1d4ae010b6.tar.bz2 inspircd++-c1cc5cf147babcd834ba0dbbdd4b1c1d4ae010b6.zip | |
Use TimingSafeCompare() to compare passwords and password hashes (non-hmac only)
Issue #882
Diffstat (limited to 'src/modules')
| -rw-r--r-- | src/modules/m_password_hash.cpp | 6 | ||||
| -rw-r--r-- | src/modules/m_spanningtree/hmac.cpp | 8 |
2 files changed, 7 insertions, 7 deletions
diff --git a/src/modules/m_password_hash.cpp b/src/modules/m_password_hash.cpp index 89b6605b9..926ba5632 100644 --- a/src/modules/m_password_hash.cpp +++ b/src/modules/m_password_hash.cpp @@ -106,15 +106,15 @@ class ModuleOperHash : public Module /* Is this a valid hash name? */ if (hp) { - /* Compare the hash in the config to the generated hash */ - if (data == hp->hexsum(input)) + // Use the timing-safe compare function to compare the hashes + if (InspIRCd::TimingSafeCompare(data, hp->hexsum(input))) return MOD_RES_ALLOW; else /* No match, and must be hashed, forbid */ return MOD_RES_DENY; } - /* Not a hash, fall through to strcmp in core */ + // We don't handle this type, let other mods or the core decide return MOD_RES_PASSTHRU; } diff --git a/src/modules/m_spanningtree/hmac.cpp b/src/modules/m_spanningtree/hmac.cpp index 9b368d60b..520719c5a 100644 --- a/src/modules/m_spanningtree/hmac.cpp +++ b/src/modules/m_spanningtree/hmac.cpp @@ -86,14 +86,14 @@ bool TreeSocket::ComparePass(const Link& link, const std::string &theirs) { std::string our_hmac = MakePass(link.RecvPass, capab->ourchallenge); - /* Straight string compare of hashes */ - if (our_hmac != theirs) + // Use the timing-safe compare function to compare the hashes + if (!InspIRCd::TimingSafeCompare(our_hmac, theirs)) return false; } else { - /* Straight string compare of plaintext */ - if (link.RecvPass != theirs) + // Use the timing-safe compare function to compare the passwords + if (!InspIRCd::TimingSafeCompare(link.RecvPass, theirs)) return false; } |
