author | Justus Winter <justus@sequoia-pgp.org> | 2018-10-17 14:39:59 +0200 |
---|---|---|
committer | Justus Winter <justus@sequoia-pgp.org> | 2018-10-17 16:48:57 +0200 |
commit | 77651457891268376b0eb8e1ae50105c770f08a0 (patch) | |
tree | ab442b9129fcc8d40ca3f30b9581bab4adeba35b /net | |
parent | 045b322c1879874db30c3d2a6a1a2bfaa52da794 (diff) |
net: Compare cookies in constant time.
Diffstat (limited to 'net')
-rw-r--r-- | net/Cargo.toml | 1 | ||||
-rw-r--r-- | net/src/ipc.rs | 9 | ||||
-rw-r--r-- | net/src/lib.rs | 1 |
3 files changed, 10 insertions, 1 deletions
diff --git a/net/Cargo.toml b/net/Cargo.toml
index cf6a5321..551f1e00 100644
--- a/net/Cargo.toml
+++ b/net/Cargo.toml
@@ -15,6 +15,7 @@ http = "0.1.5"
 hyper = "0.12"
 hyper-tls = "0.3"
 libc = "0.2.33"
+memsec = "0.5.4"
 native-tls = "0.2.0"
 percent-encoding = "1.0.1"
 rand = "0.5"
diff --git a/net/src/ipc.rs b/net/src/ipc.rs
index 65cb2cb9..7aaa7e2f 100644
--- a/net/src/ipc.rs
+++ b/net/src/ipc.rs
@@ -449,6 +449,13 @@ impl Cookie {
 impl PartialEq for Cookie {
 fn eq(&self, other: &Cookie) -> bool {
- self.0 == other.0
+ // First, compare the length.
+ self.0.len() == other.0.len()
+ // The length is not a secret, hence we can use && here.
+ && unsafe {
+ ::memsec::memeq(self.0.as_ptr(),
+ other.0.as_ptr(),
+ self.0.len())
+ }
 }
 }
diff --git a/net/src/lib.rs b/net/src/lib.rs
index b2ddfbd5..0e730b18 100644
--- a/net/src/lib.rs
+++ b/net/src/lib.rs
@@ -41,6 +41,7 @@ extern crate futures;
 extern crate http;
 extern crate hyper;
 extern crate hyper_tls;
+extern crate memsec;
 extern crate native_tls;
 extern crate tokio_core;
 extern crate tokio_io;
|
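Review bot: The `unsafe` block added to `Cookie::eq` in net/src/ipc.rs has no comment stating why the `memeq` call is sound. The length comparison before it is what guarantees `other.0` is readable for `self.0.len()` bytes, so the short-circuit `&&` is a memory-safety precondition as well as a timing decision; the existing comment only covers the timing side. I would add `// SAFETY: lengths are equal (checked above), so both pointers are valid for self.0.len() bytes.` directly above the `unsafe` block, so that a later refactor does not reorder or drop the check. This assumes `self.0` is a contiguous byte buffer; the field's type is declared outside the hunk.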