Browse code
auth_ephemeral: test the lenghts for compared passwords
Daniel-Constantin Mierla authored on 03/05/2019 09:53:15
Showing 1 changed files
| ... | ... |
@@ -523,8 +523,9 @@ int ki_autheph_authenticate(sip_msg_t *_m, str *susername, str *spassword) |
| 523 | 523 |
{
|
| 524 | 524 |
LM_DBG("generated password: %.*s\n",
|
| 525 | 525 |
sgenerated_password.len, sgenerated_password.s); |
| 526 |
- if (strncmp(spassword->s, sgenerated_password.s, |
|
| 527 |
- spassword->len) == 0) |
|
| 526 |
+ if (spassword->len == sgenerated_password.len |
|
| 527 |
+ && strncmp(spassword->s, sgenerated_password.s, |
|
| 528 |
+ spassword->len) == 0) |
|
| 528 | 529 |
{
|
| 529 | 530 |
SECRET_UNLOCK; |
| 530 | 531 |
return AUTH_OK; |