From 3ab2b90744d4307f46d3cab4ab89923dcb6841f5 Mon Sep 17 00:00:00 2001
From: Brian Gianforcaro
Date: Sat, 12 Mar 2022 21:50:31 -0800
Subject: [PATCH] LibCore: Use timing_safe_compare to compare password hash values

This is not strictly required, as we are comparing hashes, not the password it self. However given this is generic code that could be used anywhere in the system, it seems prudent to be cautious and make sure we don't inadvertently leak any information about the hash via timing attacks in future usages of `LibCore::Account`.

Reported-by: Jessica Hamilton
---
 Userland/Libraries/LibCore/Account.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/Userland/Libraries/LibCore/Account.cpp b/Userland/Libraries/LibCore/Account.cpp
index f756fc6681..5d935c7b3a 100644
--- a/Userland/Libraries/LibCore/Account.cpp
+++ b/Userland/Libraries/LibCore/Account.cpp
@@ -1,10 +1,12 @@
 /*
  * Copyright (c) 2020, Peter Elliott
+ * Copyright (c) 2021-2022, Brian Gianforcaro
  *
  * SPDX-License-Identifier: BSD-2-Clause
  */
 
 #include
+#include
 #include
 #include
 #include
@@ -134,7 +136,7 @@ bool Account::authenticate(SecretString const& password) const
 
     // FIXME: Use crypt_r if it can be built in lagom.
     char* hash = crypt(password.characters(), m_password_hash.characters());
-    return hash != nullptr && strcmp(hash, m_password_hash.characters()) == 0;
+    return hash != nullptr && AK::timing_safe_compare(hash, m_password_hash.characters(), m_password_hash.length());
 }
 
 bool Account::login() const
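Review bot: The new comparison in `Account::authenticate` covers exactly `m_password_hash.length()` bytes and never looks at the terminator of `hash`, which the removed `strcmp` did. A `crypt()` result that is longer than the stored value but begins with it now compares equal, and a shorter result makes the compare read past its terminating NUL; whether either can happen depends on the crypt implementation and on how the stored entry was written, which this hunk does not show. Checking the length first keeps the old exact-match semantics, and the length of a hash string is not secret: `return hash != nullptr && strlen(hash) == m_password_hash.length() && AK::timing_safe_compare(hash, m_password_hash.characters(), m_password_hash.length());`. The body of `authenticate` starts outside the hunk, so any earlier guards on `m_password_hash` are not visible here.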