diff options
| author | Nick Mathewson <nickm@torproject.org> | 2011-05-10 16:58:38 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2011-05-11 16:12:51 -0400 |
| commit | 59f9097d5c3dc010847c359888d31757d1c97904 (patch) | |
| tree | baed5184d13d62645e00d1ed815ffc0861b2ff87 /src/common/compat.c | |
| parent | db7b2a33eef9c8d432442b072f9c8868a068bb91 (diff) | |
| download | tor-59f9097d5c3dc010847c359888d31757d1c97904.tar.gz tor-59f9097d5c3dc010847c359888d31757d1c97904.zip | |
Hand-conversion and audit phase of memcmp transition
Here I looked at the results of the automated conversion and cleaned
them up as follows:
If there was a tor_memcmp or tor_memeq that was in fact "safe"[*] I
changed it to a fast_memcmp or fast_memeq.
Otherwise if there was a tor_memcmp that could turn into a
tor_memneq or tor_memeq, I converted it.
This wants close attention.
[*] I'm erring on the side of caution here, and leaving some things
as tor_memcmp that could in my opinion use the data-dependent
fast_memcmp variant.
Diffstat (limited to 'src/common/compat.c')
| -rw-r--r-- | src/common/compat.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/common/compat.c b/src/common/compat.c index ea46d43d82..39651084a0 100644 --- a/src/common/compat.c +++ b/src/common/compat.c @@ -312,6 +312,8 @@ tor_vsnprintf(char *str, size_t size, const char *format, va_list args) * <b>needle</b>, return a pointer to the first occurrence of the needle * within the haystack, or NULL if there is no such occurrence. * + * This function is <em>not</em> timing-safe. + * * Requires that nlen be greater than zero. */ const void * @@ -336,7 +338,7 @@ tor_memmem(const void *_haystack, size_t hlen, while ((p = memchr(p, first, end-p))) { if (p+nlen > end) return NULL; - if (tor_memeq(p, needle, nlen)) + if (fast_memeq(p, needle, nlen)) return p; ++p; } |