Re: Imminent bugfix release (1.97.1)

[Vladimir 'phcoder' Serbinenko]

Bean wrote:
> On Tue, Nov 10, 2009 at 2:25 AM, Robert Millan <address@hidden> wrote:
>   
>> On Mon, Nov 09, 2009 at 07:15:48PM +0100, Vladimir 'phcoder' Serbinenko 
>> wrote:
>>     
>>> Robert Millan wrote:
>>>       
>>>> Actually, modern CPUs are very complex and the number of operations (or
>>>> time taken by them) isn't easy to predict.
>>>>
>>>>
>>>>         
>>> It's generally a good practice to do exactly same operations
>>> independently of result just store the result in a separate variable
>>> it's how RSA is correctly implemented
>>>
>>>   for (n = grub_strlen (s1); n >= 0; n--)
>>>   {
>>>     if (*s1 != *s2)
>>>       ret |= 1;
>>>     else
>>>       ret |= 0;
>>>       
>> Uhm I didn't check, but I'd suspect -Os would optimize this out.
>>
>> Anyhow, if we move the fixed time wait to the outer loop, it should no
>> longer be a problem.
>>
>> We could also check the approach taken by e.g. su from coreutils.
>>     
>
> Hi,
>
> How about this one:
>
> int
> grub_auth_strcmp (const char *s1, const char *s2)
> {
>   int result = 0;
>
>   for (; *s1 != 0; s1++, s2++)
>     result += (*s1 != *s2);
>
>   return (result != 0);
> }
>
>
>   
Welcome to club: try it with
"abc", "abcdef"
They will match :(. Exactly the same problem as with my code but I like
the approach. Perhaps:

int
grub_auth_strcmp (const char *s1, const char *s2)
{
  int result = 0;

  for (; *s1 != 0; s1++, s2++)
    result += (*s1 != *s2);

  return !(result == 0 && *s2 == 0);
}




-- 
Regards
Vladimir 'phcoder' Serbinenko

signature.asc
Description: OpenPGP digital signature