diff src/cjr_print.sml @ 1512:dcc8abbc6dfd

Change cookie signature comparison to resist timing attacks (based on code suggested by Robin Green and Austin Seipp)
author Adam Chlipala <adam@chlipala.net>
date Tue, 19 Jul 2011 09:18:50 -0400
parents ebc30bb262d0
children c4f39b49aa2d
--- a/src/cjr_print.sml	Sun Jul 17 14:49:52 2011 -0400
+++ b/src/cjr_print.sml	Tue Jul 19 09:18:50 2011 -0400
@@ -2634,7 +2634,7 @@
                               newline,
                               string "if (sig == NULL) uw_error(ctx, FATAL, \"Missing cookie signature\");",
                               newline,
-                              string "if (strcmp(sig, uw_cookie_sig(ctx)))",
+                              string "if (!uw_streq(sig, uw_cookie_sig(ctx)))",
                               newline,
                               box [string "uw_error(ctx, FATAL, \"Wrong cookie signature\");",
                                    newline],
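Review bot: Nothing at the call site on the added line records why `uw_streq` is used instead of `strcmp`, so a later cleanup could swap it back without noticing the security property. I would put a comment directly above that line, for example `(* constant-time comparison of the cookie signature; do not replace with strcmp *)`. The timing resistance itself rests entirely on `uw_streq`, whose definition is not in this hunk, so it is worth confirming there that it neither returns on the first differing byte nor takes a data-dependent shortcut on a length mismatch. The enclosing expression begins and ends outside the hunk.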