Change cookie signature comparison to resist timing attacks (based on code suggested by Robin Green and Austin Seipp)

author: Adam Chlipala <adam@chlipala.net> 2011-07-19 09:18:50 -0400
committer: Adam Chlipala <adam@chlipala.net> 2011-07-19 09:18:50 -0400
commit: ac6fd6218962bf60b86cdfa64b8f7110ffc35ad3 (patch)
tree: 5a3ddc7abde84b7531e001931b0cf158d78938b5 /src/cjr_print.sml
parent: 0b12664f70f258a5928d051b5e71715b84dd37b6 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/cjr_print.sml b/src/cjr_print.sml
index 79d7e7da..340ac9f5 100644
--- a/src/cjr_print.sml
+++ b/src/cjr_print.sml
@@ -2634,7 +2634,7 @@ fun p_file env (ds, ps) =
                               newline,
                               string "if (sig == NULL) uw_error(ctx, FATAL, \"Missing cookie signature\");",
                               newline,
-                              string "if (strcmp(sig, uw_cookie_sig(ctx)))",
+                              string "if (!uw_streq(sig, uw_cookie_sig(ctx)))",
                               newline,
                               box [string "uw_error(ctx, FATAL, \"Wrong cookie signature\");",
                                    newline],
author	Adam Chlipala <adam@chlipala.net>	2011-07-19 09:18:50 -0400
committer	Adam Chlipala <adam@chlipala.net>	2011-07-19 09:18:50 -0400
commit	ac6fd6218962bf60b86cdfa64b8f7110ffc35ad3 (patch)
tree	5a3ddc7abde84b7531e001931b0cf158d78938b5 /src/cjr_print.sml
parent	0b12664f70f258a5928d051b5e71715b84dd37b6 (diff)