authorJustus Winter <justus@sequoia-pgp.org>2018-10-17 14:39:59 +0200
committerJustus Winter <justus@sequoia-pgp.org>2018-10-17 16:48:57 +0200
commit77651457891268376b0eb8e1ae50105c770f08a0 (patch)
treeab442b9129fcc8d40ca3f30b9581bab4adeba35b /net
parent045b322c1879874db30c3d2a6a1a2bfaa52da794 (diff)
net: Compare cookies in constant time.
Diffstat (limited to 'net')
-rw-r--r--net/Cargo.toml1
-rw-r--r--net/src/ipc.rs9
-rw-r--r--net/src/lib.rs1
3 files changed, 10 insertions, 1 deletions
diff --git a/net/Cargo.toml b/net/Cargo.toml
index cf6a5321..551f1e00 100644
--- a/net/Cargo.toml
+++ b/net/Cargo.toml
@@ -15,6 +15,7 @@ http = "0.1.5"
hyper = "0.12"
hyper-tls = "0.3"
libc = "0.2.33"
+memsec = "0.5.4"
native-tls = "0.2.0"
percent-encoding = "1.0.1"
rand = "0.5"
diff --git a/net/src/ipc.rs b/net/src/ipc.rs
index 65cb2cb9..7aaa7e2f 100644
--- a/net/src/ipc.rs
+++ b/net/src/ipc.rs
@@ -449,6 +449,13 @@ impl Cookie {
impl PartialEq for Cookie {
fn eq(&self, other: &Cookie) -> bool {
- self.0 == other.0
+ // First, compare the length.
+ self.0.len() == other.0.len()
+ // The length is not a secret, hence we can use && here.
+ && unsafe {
+ ::memsec::memeq(self.0.as_ptr(),
+ other.0.as_ptr(),
+ self.0.len())
+ }
}
}
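Review bot: The `unsafe` block in `Cookie::eq` has no `// SAFETY:` comment, and its soundness depends on the short-circuiting `&&` above it. `memeq` reads `self.0.len()` bytes through both pointers, which is only in bounds for `other.0` because the length comparison has already succeeded. The existing comment justifies `&&` purely in terms of timing, so a later switch to a non-short-circuiting `&` would turn this into an out-of-bounds read. I would add `// SAFETY: the length check above short-circuits, so both buffers are valid for self.0.len() bytes.` directly above the `unsafe`. The type of `self.0` is not visible in this hunk, so it is worth confirming that the third argument of `memsec::memeq` is a byte count that matches the element type.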
diff --git a/net/src/lib.rs b/net/src/lib.rs
index b2ddfbd5..0e730b18 100644
--- a/net/src/lib.rs
+++ b/net/src/lib.rs
@@ -41,6 +41,7 @@ extern crate futures;
extern crate http;
extern crate hyper;
extern crate hyper_tls;
+extern crate memsec;
extern crate native_tls;
extern crate tokio_core;
extern crate tokio_io;