From 42064cdf2b5e41eee71aa76f64c5ef6b43c1ca73 Mon Sep 17 00:00:00 2001
From: Christian Göttsche <cgzones@googlemail.com>
Date: Sat, 20 Jan 2024 14:07:11 +0100
Subject: pam_unix: compare password hashes in constant time

Compare the hashes in constant time as a defense-in-depth mechanism,
since performance is not a priority.
---
 modules/pam_unix/passverify.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'modules')

diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c
index 1c83f1aa..624ba783 100644
--- a/modules/pam_unix/passverify.c
+++ b/modules/pam_unix/passverify.c
@@ -94,7 +94,7 @@ PAMH_ARG_DECL(int verify_pwd_hash,
 	} else {
 		if (pam_str_skip_prefix(hash, "$1$") != NULL) {
 			pp = Goodcrypt_md5(p, hash);
-			if (pp && strcmp(pp, hash) != 0) {
+			if (pp && !pam_consttime_streq(pp, hash)) {
 				_pam_delete(pp);
 				pp = Brokencrypt_md5(p, hash);
 			}
@@ -163,7 +163,7 @@ PAMH_ARG_DECL(int verify_pwd_hash,
 		/* the moment of truth -- do we agree with the password? */
 		D(("comparing state of pp[%s] and hash[%s]", pp ? pp : "(null)", hash));
 
-		if (pp && strcmp(pp, hash) == 0) {
+		if (pp && pam_consttime_streq(pp, hash)) {
 			retval = PAM_SUCCESS;
 		} else {
 			retval = PAM_AUTH_ERR;
-- 
cgit v1.2.3