From ed95a5621ac9c4f5002e68a981f8b24d5caaedf4 Mon Sep 17 00:00:00 2001 From: Franklin Wei Date: Mon, 28 Mar 2016 14:11:22 -0400 Subject: kludge things to compile on old linux --- src/auth.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'src/auth.c') diff --git a/src/auth.c b/src/auth.c index 069e9fe..c7b53d3 100644 --- a/src/auth.c +++ b/src/auth.c @@ -193,11 +193,12 @@ struct userdata_t *auth_check(const char *name2, const char *pass2) { debugf("auth module: user %s found\n", name2); - /* hashes are in HEX to avoid the Trucha bug */ + /* hashes are in lowercase hex to avoid the Trucha bug + * but still allow comparison with strcmp() */ char *new_hash_hex = hash_pass_hex(pass, salt); bool success = true; - /* constant-time comparison to a timing attack */ + /* constant-time comparison to hopefully prevent a timing attack */ for(int i = 0; i < AUTH_HASHLEN; ++i) { if(new_hash_hex[i] != hash[i]) -- cgit v1.1