author | Attila Molnar <attilamolnar@hush.com> | 2014-06-28 18:27:51 +0200 |
---|---|---|
committer | Attila Molnar <attilamolnar@hush.com> | 2014-06-28 18:27:51 +0200 |
commit | c1cc5cf147babcd834ba0dbbdd4b1c1d4ae010b6 (patch) | |
tree | 3abb61ec559f392aef92c134e02bca950e68184d /src/modules/m_password_hash.cpp | |
parent | 098602163498b06ec865ab02625cc0ba19f43786 (diff) |
Use TimingSafeCompare() to compare passwords and password hashes (non-hmac only)
Issue #882
Diffstat (limited to 'src/modules/m_password_hash.cpp')
-rw-r--r-- | src/modules/m_password_hash.cpp | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/src/modules/m_password_hash.cpp b/src/modules/m_password_hash.cpp
index 89b6605b9..926ba5632 100644
--- a/src/modules/m_password_hash.cpp
+++ b/src/modules/m_password_hash.cpp
@@ -106,15 +106,15 @@ class ModuleOperHash : public Module
 /* Is this a valid hash name? */
 if (hp)
 {
- /* Compare the hash in the config to the generated hash */
- if (data == hp->hexsum(input))
+ // Use the timing-safe compare function to compare the hashes
+ if (InspIRCd::TimingSafeCompare(data, hp->hexsum(input)))
 return MOD_RES_ALLOW;
 else
 /* No match, and must be hashed, forbid */
 return MOD_RES_DENY;
 }
- /* Not a hash, fall through to strcmp in core */
+ // We don't handle this type, let other mods or the core decide
 return MOD_RES_PASSTHRU;
 } |
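Review bot: Only the plain-hash branch switches to `InspIRCd::TimingSafeCompare(data, hp->hexsum(input))`; the commit title says the hmac variant is not covered, so if that path still compares its result with `==`, the same timing side channel presumably remains there. That code sits above this hunk and is not visible here, as is the start of the enclosing function, so this needs confirming against the full file and either a follow-up or a comment saying why it is deferred. Separately, the new comment says which function is called but not why; I would word it as `// Constant-time compare: == can stop at the first differing byte, so timing would reveal how much of the hash matched`. It would also help to note next to the call that a length mismatch may still be observable, which is acceptable here because the digest length of a given hash type is not secret.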