[Pkg-privacy-commits] [libotr] 192/225: Add comment to clarify memory comparison in auth.c
Ximin Luo
infinity0 at moszumanska.debian.org
Sat Aug 22 12:45:30 UTC 2015
This is an automated email from the git hooks/post-receive script.
infinity0 pushed a commit to branch master
in repository libotr.
commit 0efbd84a475f5981426abbf40d8b4caaa52f9993
Author: David Goulet <dgoulet at ev0ke.net>
Date: Sun Jul 13 14:37:45 2014 -0400
Add comment to clarify memory comparison in auth.c
Related to #20 that submitted a wrong patch due to bad understanding
thus the reason of this commit.
Signed-off-by: David Goulet <dgoulet at ev0ke.net>
Fixes #20
---
src/auth.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/auth.c b/src/auth.c
index c85fc07..9d1e5a9 100644
--- a/src/auth.c
+++ b/src/auth.c
@@ -371,7 +371,11 @@ gcry_error_t otrl_auth_handle_commit(OtrlAuthInfo *auth,
* while in case some other logged in instance of our buddy
* replied with a DHKEY message. In that case, use the
* incoming parameters. Otherwise, compare the hashgx
- * values to see which one wins. */
+ * values to see which one wins.
+ *
+ * This does NOT use constant time comparison because these
+ * are two public values thus don't need it. Also, this checks
+ * which pubkey is larger and not if they are the same. */
if (!is_master && memcmp(auth->hashgx, hashbuf, 32) > 0) {
/* Ours wins. Ignore the message we received, and just
* resend the same D-H Commit message again. */
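Review bot: The last sentence of the added comment, just above the memcmp() call, says the check finds "which pubkey is larger", but the operands are auth->hashgx and hashbuf compared over 32 bytes, and the sentence before it calls them "the hashgx values". Suggest "which hashgx value is larger" so the comment names what is actually compared. It would also be worth stating that the sign of the result (the "> 0" test) selects the winner, since that is why an equality-only constant-time comparison is not a drop-in replacement here.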
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-privacy/packages/libotr.git