Fossil

Check-in [e3d022df]

Overview
Comment: Catch zero length early in blob_constant_time_eq().
SHA1: e3d022dffae1c9de318eb7b8ab79a84fcc7b4997
User & Date: dmitry 2011-09-30 09:41:05
Context
2011-09-30
10:51 It seems like blob_constant_time_eq() is unnecessary for sync protocol signatures; removed. check-in: 48bcfbd4 user: dmitry tags: dmitry-security
09:41 Catch zero length early in blob_constant_time_eq(). check-in: e3d022df user: dmitry tags: dmitry-security
2011-09-29
21:06 Fix to the previous fix: install function to the correct database. check-in: 3782276d user: dmitry tags: dmitry-security
Changes

Changes to src/blob.c.

  unsigned char *buf1, *buf2;
  unsigned char rc = 0;

  blob_is_init(pA);
  blob_is_init(pB);
  szA = blob_size(pA);
  szB = blob_size(pB);
  if( szA!=szB ) return 1;

  buf1 = blob_buffer(pA);
  buf2 = blob_buffer(pB);

  for( i=0; i<szA; i++ ){
    rc = rc | (buf1[i] ^ buf2[i]);
  }







  unsigned char *buf1, *buf2;
  unsigned char rc = 0;

  blob_is_init(pA);
  blob_is_init(pB);
  szA = blob_size(pA);
  szB = blob_size(pB);
  if( szA!=szB || szA==0 ) return 1;

  buf1 = blob_buffer(pA);
  buf2 = blob_buffer(pB);

  for( i=0; i<szA; i++ ){
    rc = rc | (buf1[i] ^ buf2[i]);
  }
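
Review bot: The new `szA==0` test in `if( szA!=szB || szA==0 ) return 1;` makes two empty blobs compare as unequal, and nothing in the visible lines documents that this is deliberate. Before this change the loop was skipped for zero length and `rc` stayed at its initial 0, so two empty inputs showed no difference; a short comment on this line saying that empty input is intentionally treated as a mismatch would keep a later cleanup from folding it back into a plain length check. The return convention also deserves a line in the function's header comment: this path returns 1 on a mismatch and `rc` accumulates XOR differences, so nonzero means "different" even though the name ends in `_eq`, and a caller testing the result as a boolean equality would read it inverted. The early exit on `szA!=szB` still reveals a length mismatch through timing, which is acceptable for fixed-length digests but should be stated if variable-length secrets are ever compared with this function.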