1

I found that memcmp() will return false earlier if the first byte is different in both strings, and I thought it has a timing attack risk. However, when I tried to find out if there were other functions that had side-channel risks like memcmp, I couldn't find any information.

Jonathan Leffler
  • 730,956
  • 141
  • 904
  • 1,278
zhxf7481
  • 11
  • 1
  • 1
    `strpbrk()`, `strspn()`, `strcspn()`, `strcmp()`, `strstr()`, `strncmp()`, `strcmp()`, `strchr()` (but probably not `strrchr()`) — all of those stop at the first match, so they are vulnerable to timing side-channel attacks. – Jonathan Leffler Jul 08 '22 at 05:02

1 Answers1

2

Yes. strcmp and friends all work the same way. If in the rare case you are timing attack sensitive you have to write all your own comparison loops. The compiler can quite often optimize them back into timing sensitive loops now too, so you end up compiling such files with -O0. I know, so sad.

Typically you don't have this problem because you compare hashes.

Joshua
  • 40,822
  • 8
  • 72
  • 132
  • _"Typically you don't have this problem because you compare hashes"_ - Can you put that in glowing gold somehow? :-) – Ted Lyngmo Jul 08 '22 at 03:44
  • @TedLyngmo: No. I have eye problems that force me to use color leveling code. So even if there were a way to change colors in markdown I don't know it nor can I use it. – Joshua Jul 08 '22 at 03:48
  • Seems like we have similar issues. The actual coloring scheme was chosen by me since it's often used to praise and emphasize. – Ted Lyngmo Jul 08 '22 at 03:52
  • 1
    @Joshua -O0 is not necessary. There is `volatile` keyword. – dimich Jul 08 '22 at 07:06
  • @Joshua Do similar functions of memcmp also have these problems? Is there a comprehensive list of side channel risk functions? – zhxf7481 Jul 11 '22 at 03:20
  • @zhxf7481: Assume all conditional functions have side channel attacks unless documented otherwise. – Joshua Jul 11 '22 at 04:19