|
@@ -1012,8 +1012,8 @@ int auth_check_passwd(ppp_pcb *pcb, char *auser, unsigned int userlen, char *apa
|
|
|
secretpasswdlen = strlen(pcb->settings.passwd);
|
|
secretpasswdlen = strlen(pcb->settings.passwd);
|
|
|
if (secretuserlen == userlen
|
|
if (secretuserlen == userlen
|
|
|
&& secretpasswdlen == passwdlen
|
|
&& secretpasswdlen == passwdlen
|
|
|
- && !memcmp(auser, pcb->settings.user, userlen)
|
|
|
|
|
- && !memcmp(apasswd, pcb->settings.passwd, passwdlen) ) {
|
|
|
|
|
|
|
+ && !lwip_memcmp_consttime(auser, pcb->settings.user, userlen)
|
|
|
|
|
+ && !lwip_memcmp_consttime(apasswd, pcb->settings.passwd, passwdlen) ) {
|
|
|
*msg = "Login ok";
|
|
*msg = "Login ok";
|
|
|
*msglen = sizeof("Login ok")-1;
|
|
*msglen = sizeof("Login ok")-1;
|
|
|
return 1;
|
|
return 1;
|
Simon Goldschmidt