Skip to content
Snippets Groups Projects
Commit 9a69c241 authored by Nick Mathewson's avatar Nick Mathewson :game_die:
Browse files

Do not use strcmp() to compare an http authenticator to its expected value 

This fixes a side-channel attack on the (fortunately unused!)
BridgePassword option for bridge authorities.  Fix for bug 5543;
bugfix on 0.2.0.14-alpha.
parent 9740f067
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment