nghttp2_hd: Mitigate timing attack

This commit is contained in:
Tatsuhiro Tsujikawa 2014-01-07 21:51:48 +09:00
parent 9eb031ce83
commit d703197a50
1 changed files with 15 additions and 6 deletions

View File

@ -103,6 +103,17 @@ static nghttp2_hd_entry static_table[] = {
static const size_t STATIC_TABLE_LENGTH =
sizeof(static_table)/sizeof(static_table[0]);
static int memeq(const void *s1, const void *s2, size_t n)
{
const uint8_t *a = (const uint8_t*)s1, *b = (const uint8_t*)s2;
uint8_t c = 0;
while(n > 0) {
c |= (*a++) ^ (*b++);
--n;
}
return c == 0;
}
typedef struct {
nghttp2_nv *nva;
size_t nvacap;
@ -914,13 +925,12 @@ static nghttp2_hd_entry* add_hd_table_incremental(nghttp2_hd_context *context,
static int name_eq(const nghttp2_nv *a, const nghttp2_nv *b)
{
return a->namelen == b->namelen && memcmp(a->name, b->name, a->namelen) == 0;
return a->namelen == b->namelen && memeq(a->name, b->name, a->namelen);
}
static int value_eq(const nghttp2_nv *a, const nghttp2_nv *b)
{
return a->valuelen == b->valuelen &&
memcmp(a->value, b->value, a->valuelen) == 0;
return a->valuelen == b->valuelen && memeq(a->value, b->value, a->valuelen);
}
typedef struct {
@ -1021,8 +1031,7 @@ nghttp2_hd_entry* nghttp2_hd_table_get(nghttp2_hd_context *context,
}
#define name_match(NV, NAME) \
(nv->namelen == sizeof(NAME) - 1 && \
memcmp(nv->name, NAME, sizeof(NAME) - 1) == 0)
(nv->namelen == sizeof(NAME) - 1 && memeq(nv->name, NAME, sizeof(NAME) - 1))
static int should_indexing(const nghttp2_nv *nv)
{