diff options
| -rw-r--r-- | include/inspircd.h | 9 | ||||
| -rw-r--r-- | src/inspstring.cpp | 16 |
2 files changed, 25 insertions, 0 deletions
diff --git a/include/inspircd.h b/include/inspircd.h index 584a330ba..b16df9d71 100644 --- a/include/inspircd.h +++ b/include/inspircd.h @@ -669,6 +669,15 @@ class CoreExport InspIRCd */ static std::string TimeString(time_t curtime, const char* format = NULL, bool utc = false); + /** Compare two strings in a timing-safe way. If the lengths of the strings differ, the function + * returns false immediately (leaking information about the length), otherwise it compares each + * character and only returns after all characters have been compared. + * @param one First string + * @param two Second string + * @return True if the strings match, false if they don't + */ + static bool TimingSafeCompare(const std::string& one, const std::string& two); + /** Begin execution of the server. * NOTE: this function NEVER returns. Internally, * it will repeatedly loop. diff --git a/src/inspstring.cpp b/src/inspstring.cpp index 7fa4762c5..b59492738 100644 --- a/src/inspstring.cpp +++ b/src/inspstring.cpp @@ -108,3 +108,19 @@ std::string Base64ToBin(const std::string& data_str, const char* table) } return rv; } + +bool InspIRCd::TimingSafeCompare(const std::string& one, const std::string& two) +{ + if (one.length() != two.length()) + return false; + + unsigned int diff = 0; + for (std::string::const_iterator i = one.begin(), j = two.begin(); i != one.end(); ++i, ++j) + { + unsigned char a = static_cast<unsigned char>(*i); + unsigned char b = static_cast<unsigned char>(*j); + diff |= a ^ b; + } + + return (diff == 0); +} |