/src/php-src/main/safe_bcmp.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | +----------------------------------------------------------------------+ |
3 | | | Copyright (c) The PHP Group | |
4 | | +----------------------------------------------------------------------+ |
5 | | | This source file is subject to version 3.01 of the PHP license, | |
6 | | | that is bundled with this package in the file LICENSE, and is | |
7 | | | available through the world-wide-web at the following url: | |
8 | | | https://www.php.net/license/3_01.txt | |
9 | | | If you did not receive a copy of the PHP license and are unable to | |
10 | | | obtain it through the world-wide-web, please send a note to | |
11 | | | license@php.net so we can mail you a copy immediately. | |
12 | | +----------------------------------------------------------------------+ |
13 | | | Author: David Carlier <devnexen@gmail.com> | |
14 | | +----------------------------------------------------------------------+ |
15 | | */ |
16 | | |
17 | | #include "php.h" |
18 | | |
19 | | #include <string.h> |
20 | | |
21 | | /* |
22 | | * Returns 0 if both inputs match, non-zero if they don't. |
23 | | * Returns -1 early if inputs do not have the same lengths. |
24 | | * |
25 | | */ |
26 | | PHPAPI int php_safe_bcmp(const zend_string *a, const zend_string *b) |
27 | 0 | { |
28 | 0 | const volatile unsigned char *ua = (const volatile unsigned char *)ZSTR_VAL(a); |
29 | 0 | const volatile unsigned char *ub = (const volatile unsigned char *)ZSTR_VAL(b); |
30 | 0 | size_t i = 0; |
31 | 0 | int r = 0; |
32 | |
|
33 | 0 | if (ZSTR_LEN(a) != ZSTR_LEN(b)) { |
34 | 0 | return -1; |
35 | 0 | } |
36 | | |
37 | | /* This is security sensitive code. Do not optimize this for speed. */ |
38 | 0 | while (i < ZSTR_LEN(a)) { |
39 | 0 | r |= ua[i] ^ ub[i]; |
40 | 0 | ++i; |
41 | 0 | } |
42 | |
|
43 | 0 | return r; |
44 | 0 | } |