authorJouni Malinen <j@w1.fi>2014-06-29 17:25:36 (GMT)
committerJouni Malinen <j@w1.fi>2014-07-02 09:38:48 (GMT)
commita6eae3f7a1477aaa15b2461340c2cd269da2232c (patch)
tree66ab96f7b96b89a187145f2b41dce382c519098c /src/eap_server
parent30411b351c16ef4dae12d84d8f7dd7137b145f11 (diff)
EAP-MSCHAPv2: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing information to potential attackers from comparisons of information received from a remote device and private material known only by the authorized devices. Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src/eap_server')
-rw-r--r--src/eap_server/eap_server_mschapv2.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/eap_server/eap_server_mschapv2.c b/src/eap_server/eap_server_mschapv2.c
index 0eb7908..68e6394 100644
--- a/src/eap_server/eap_server_mschapv2.c
+++ b/src/eap_server/eap_server_mschapv2.c
@@ -393,7 +393,7 @@ static void eap_mschapv2_process_response(struct eap_sm *sm,
return;
}
- if (os_memcmp(nt_response, expected, 24) == 0) {
+ if (os_memcmp_const(nt_response, expected, 24) == 0) {
const u8 *pw_hash;
u8 pw_hash_buf[16], pw_hash_hash[16];
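Review bot: The new `os_memcmp_const(nt_response, expected, 24)` call has no comment saying why the constant-time variant is required, so a later cleanup could switch it back to `os_memcmp()` without noticing the timing side channel the commit message describes. I would add a comment above the `if`, such as `/* Constant-time compare: nt_response is peer-supplied, expected is derived from the password hash */`. The bare length `24` is also unexplained. If `expected` is declared as a fixed-size array in this function (its declaration is outside the hunk, so this is an assumption), `sizeof(expected)` would keep the compared length tied to the buffer. The body of `eap_mschapv2_process_response` starts and ends outside the hunk, so I could not check whether other secret-dependent comparisons in it need the same treatment.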