pam_unix: compare password hashes in constant time

Compare the hashes in constant time as a defense-in-depth mechanism, since performance is not a priority.
author: Christian Göttsche <cgzones@googlemail.com> 2024-01-20 14:07:11 +0100
committer: Christian Göttsche <cgzones@googlemail.com> 2024-04-13 22:02:36 +0200
commit: 42064cdf2b5e41eee71aa76f64c5ef6b43c1ca73 (patch)
tree: a7f8c853b345f299a8e22b5a73e7757061ca4cdc /modules
parent: c11ccdfad1596199713f75a61f34672f7529ab73 (diff)
download: pam-42064cdf2b5e41eee71aa76f64c5ef6b43c1ca73.tar.gz
pam-42064cdf2b5e41eee71aa76f64c5ef6b43c1ca73.tar.bz2
pam-42064cdf2b5e41eee71aa76f64c5ef6b43c1ca73.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c
index 1c83f1aa..624ba783 100644
--- a/modules/pam_unix/passverify.c
+++ b/modules/pam_unix/passverify.c
@@ -94,7 +94,7 @@ PAMH_ARG_DECL(int verify_pwd_hash,
 	} else {
 		if (pam_str_skip_prefix(hash, "$1$") != NULL) {
 			pp = Goodcrypt_md5(p, hash);
-			if (pp && strcmp(pp, hash) != 0) {
+			if (pp && !pam_consttime_streq(pp, hash)) {
 				_pam_delete(pp);
 				pp = Brokencrypt_md5(p, hash);
 			}
@@ -163,7 +163,7 @@ PAMH_ARG_DECL(int verify_pwd_hash,
 		/* the moment of truth -- do we agree with the password? */
 		D(("comparing state of pp[%s] and hash[%s]", pp ? pp : "(null)", hash));
 
-		if (pp && strcmp(pp, hash) == 0) {
+		if (pp && pam_consttime_streq(pp, hash)) {
 			retval = PAM_SUCCESS;
 		} else {
 			retval = PAM_AUTH_ERR;
author	Christian Göttsche <cgzones@googlemail.com>	2024-01-20 14:07:11 +0100
committer	Christian Göttsche <cgzones@googlemail.com>	2024-04-13 22:02:36 +0200
commit	42064cdf2b5e41eee71aa76f64c5ef6b43c1ca73 (patch)
tree	a7f8c853b345f299a8e22b5a73e7757061ca4cdc /modules
parent	c11ccdfad1596199713f75a61f34672f7529ab73 (diff)
download	pam-42064cdf2b5e41eee71aa76f64c5ef6b43c1ca73.tar.gz pam-42064cdf2b5e41eee71aa76f64c5ef6b43c1ca73.tar.bz2 pam-42064cdf2b5e41eee71aa76f64c5ef6b43c1ca73.zip