/src/php-src/main/safe_bcmp.c
Line | Count | Source |
1 | | /* |
2 | | +----------------------------------------------------------------------+ |
3 | | | Copyright © The PHP Group and Contributors. | |
4 | | +----------------------------------------------------------------------+ |
5 | | | This source file is subject to the Modified BSD License that is | |
6 | | | bundled with this package in the file LICENSE, and is available | |
7 | | | through the World Wide Web at <https://www.php.net/license/>. | |
8 | | | | |
9 | | | SPDX-License-Identifier: BSD-3-Clause | |
10 | | +----------------------------------------------------------------------+ |
11 | | | Author: David Carlier <devnexen@gmail.com> | |
12 | | +----------------------------------------------------------------------+ |
13 | | */ |
14 | | |
15 | | #include "php.h" |
16 | | |
17 | | #include <string.h> |
18 | | |
19 | | /* |
20 | | * Returns 0 if both inputs match, non-zero if they don't. |
21 | | * Returns -1 early if inputs do not have the same lengths. |
22 | | * |
23 | | */ |
24 | | PHPAPI int php_safe_bcmp(const zend_string *a, const zend_string *b) |
25 | 0 | { |
26 | 0 | const volatile unsigned char *ua = (const volatile unsigned char *)ZSTR_VAL(a); |
27 | 0 | const volatile unsigned char *ub = (const volatile unsigned char *)ZSTR_VAL(b); |
28 | 0 | size_t i = 0; |
29 | 0 | int r = 0; |
30 | |
|
31 | 0 | if (ZSTR_LEN(a) != ZSTR_LEN(b)) { |
32 | 0 | return -1; |
33 | 0 | } |
34 | | |
35 | | /* This is security sensitive code. Do not optimize this for speed. */ |
36 | 0 | while (i < ZSTR_LEN(a)) { |
37 | 0 | r |= ua[i] ^ ub[i]; |
38 | 0 | ++i; |
39 | 0 | } |
40 | |
|
41 | 0 | return r; |
42 | 0 | } |