Re: Imminent bugfix release (1.97.1)

[Bean]

On Tue, Nov 10, 2009 at 2:25 AM, Robert Millan <address@hidden> wrote:
> On Mon, Nov 09, 2009 at 07:15:48PM +0100, Vladimir 'phcoder' Serbinenko wrote:
>> Robert Millan wrote:
>> >
>> > Actually, modern CPUs are very complex and the number of operations (or
>> > time taken by them) isn't easy to predict.
>> >
>> >
>> It's generally a good practice to do exactly same operations
>> independently of result just store the result in a separate variable
>> it's how RSA is correctly implemented
>>
>>   for (n = grub_strlen (s1); n >= 0; n--)
>>   {
>>     if (*s1 != *s2)
>>       ret |= 1;
>>     else
>>       ret |= 0;
>
> Uhm I didn't check, but I'd suspect -Os would optimize this out.
>
> Anyhow, if we move the fixed time wait to the outer loop, it should no
> longer be a problem.
>
> We could also check the approach taken by e.g. su from coreutils.

Hi,

How about this one:

int
grub_auth_strcmp (const char *s1, const char *s2)
{
  int result = 0;

  for (; *s1 != 0; s1++, s2++)
    result += (*s1 != *s2);

  return (result != 0);
}


-- 
Bean

My repository: https://launchpad.net/burg
Document: https://help.ubuntu.com/community/Burg