kludge things to compile on old linux

author: Franklin Wei <git@fwei.tk> 2016-03-28 14:11:22 -0400
committer: Franklin Wei <git@fwei.tk> 2016-03-31 17:09:36 -0400
commit: ed95a5621ac9c4f5002e68a981f8b24d5caaedf4 (patch)
tree: aee87cf74280e8f9dd29aca88d12a638f37b2493 /src/auth.c
parent: 13052597a19fd2212efb7f51f19ed73b9f4b6ba4 (diff)
download: netcosm-ed95a5621ac9c4f5002e68a981f8b24d5caaedf4.zip
netcosm-ed95a5621ac9c4f5002e68a981f8b24d5caaedf4.tar.gz
netcosm-ed95a5621ac9c4f5002e68a981f8b24d5caaedf4.tar.bz2
netcosm-ed95a5621ac9c4f5002e68a981f8b24d5caaedf4.tar.xz
1 files changed, 3 insertions, 2 deletions
diff --git a/src/auth.c b/src/auth.c
index 069e9fe..c7b53d3 100644
--- a/src/auth.c
+++ b/src/auth.c
@@ -193,11 +193,12 @@ struct userdata_t *auth_check(const char *name2, const char *pass2)
     {
         debugf("auth module: user %s found\n", name2);
 
-        /* hashes are in HEX to avoid the Trucha bug */
+        /* hashes are in lowercase hex to avoid the Trucha bug
+         * but still allow comparison with strcmp() */
         char *new_hash_hex = hash_pass_hex(pass, salt);
 
         bool success = true;
-        /* constant-time comparison to a timing attack */
+        /* constant-time comparison to hopefully prevent a timing attack */
         for(int i = 0; i < AUTH_HASHLEN; ++i)
         {
             if(new_hash_hex[i] != hash[i])
author	Franklin Wei <git@fwei.tk>	2016-03-28 14:11:22 -0400
committer	Franklin Wei <git@fwei.tk>	2016-03-31 17:09:36 -0400
commit	ed95a5621ac9c4f5002e68a981f8b24d5caaedf4 (patch)
tree	aee87cf74280e8f9dd29aca88d12a638f37b2493 /src/auth.c
parent	13052597a19fd2212efb7f51f19ed73b9f4b6ba4 (diff)
download	netcosm-ed95a5621ac9c4f5002e68a981f8b24d5caaedf4.zip netcosm-ed95a5621ac9c4f5002e68a981f8b24d5caaedf4.tar.gz netcosm-ed95a5621ac9c4f5002e68a981f8b24d5caaedf4.tar.bz2 netcosm-ed95a5621ac9c4f5002e68a981f8b24d5caaedf4.tar.xz