diff options
| author | Hans Nilsson <hans@erlang.org> | 2020-01-08 12:57:50 +0100 |
|---|---|---|
| committer | Hans Nilsson <hans@erlang.org> | 2020-01-08 15:40:24 +0100 |
| commit | d4bab14d06503a133aec2afc9d829c6562206d6a (patch) | |
| tree | d635782405038f10aedd39cabe4f022464dff0db | |
| parent | 850d016a2de739bf58dc588c13fe378debf758e1 (diff) | |
| download | erlang-d4bab14d06503a133aec2afc9d829c6562206d6a.tar.gz | |
ssh: Use constant time comparision in some places
| -rw-r--r-- | lib/ssh/src/ssh_auth.erl | 2 | ||||
| -rw-r--r-- | lib/ssh/src/ssh_transport.erl | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/lib/ssh/src/ssh_auth.erl b/lib/ssh/src/ssh_auth.erl index 03d264745b..6d9373e9db 100644 --- a/lib/ssh/src/ssh_auth.erl +++ b/lib/ssh/src/ssh_auth.erl @@ -473,7 +473,7 @@ check_password(User, Password, Opts, Ssh) -> case ?GET_OPT(pwdfun, Opts) of undefined -> Static = get_password_option(Opts, User), - {Password == Static, Ssh}; + {crypto:equal_const_time(Password,Static), Ssh}; Checker when is_function(Checker,2) -> {Checker(User, Password), Ssh}; diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index 6820f534cb..313593c680 100644 --- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl @@ -222,7 +222,7 @@ is_valid_mac(_, _ , #ssh{recv_mac_size = 0}) -> true; is_valid_mac(Mac, Data, #ssh{recv_mac = Algorithm, recv_mac_key = Key, recv_sequence = SeqNum}) -> - Mac == mac(Algorithm, Key, SeqNum, Data). + crypto:equal_const_time(Mac, mac(Algorithm, Key, SeqNum, Data)). format_version({Major,Minor}, SoftwareVersion) -> "SSH-" ++ integer_to_list(Major) ++ "." ++ |