From 098602163498b06ec865ab02625cc0ba19f43786 Mon Sep 17 00:00:00 2001
From: Attila Molnar <attilamolnar@hush.com>
Date: Sat, 28 Jun 2014 18:25:05 +0200
Subject: Add InspIRCd::TimingSafeCompare() function that compares strings in a
 timing-safe way

---
 include/inspircd.h | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'include')

diff --git a/include/inspircd.h b/include/inspircd.h
index 584a330ba..b16df9d71 100644
--- a/include/inspircd.h
+++ b/include/inspircd.h
@@ -669,6 +669,15 @@ class CoreExport InspIRCd
 	 */
 	static std::string TimeString(time_t curtime, const char* format = NULL, bool utc = false);
 
+	/** Compare two strings in a timing-safe way. If the lengths of the strings differ, the function
+	 * returns false immediately (leaking information about the length), otherwise it compares each
+	 * character and only returns after all characters have been compared.
+	 * @param one First string
+	 * @param two Second string
+	 * @return True if the strings match, false if they don't
+	 */
+	static bool TimingSafeCompare(const std::string& one, const std::string& two);
+
 	/** Begin execution of the server.
 	 * NOTE: this function NEVER returns. Internally,
 	 * it will repeatedly loop.
-- 
cgit v1.2.3