summaryrefslogtreecommitdiff
path: root/src/mod_auth.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/mod_auth.c')
-rw-r--r--src/mod_auth.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/mod_auth.c b/src/mod_auth.c
index 34e5e91a..2a7bcea8 100644
--- a/src/mod_auth.c
+++ b/src/mod_auth.c
@@ -1128,7 +1128,7 @@ static handler_t mod_auth_check_digest(server *srv, connection *con, void *p_d,
mod_auth_digest_mutate(&ai,m,uri,nonce,cnonce,nc,qop);
- if (0 != memcmp(rdigest, ai.digest, ai.dlen)) {
+ if (!http_auth_const_time_memeq(rdigest, ai.digest, ai.dlen)) {
/* digest not ok */
log_error_write(srv, __FILE__, __LINE__, "sssB",
"digest: auth failed for ", username, ": wrong password, IP:", con->dst_addr_buf);