Message162739
The secure_compare() function immediately returns False when both strings don't have equal length. With the patch the run time of secure_compare() always depends on the length of the right side. It no longer gives away information about the length of the left side.
The patch should be applied in combination with the patch in issue #14955. |
|
Date |
User |
Action |
Args |
2012-06-13 23:00:24 | christian.heimes | set | recipients:
+ christian.heimes |
2012-06-13 23:00:24 | christian.heimes | set | messageid: <1339628424.5.0.00054113371222.issue15061@psf.upfronthosting.co.za> |
2012-06-13 23:00:23 | christian.heimes | link | issue15061 messages |
2012-06-13 23:00:23 | christian.heimes | create | |
|