Sebastian Lackner sebastian@fds-team.de writes:

Signed-off-by: Sebastian Lackner sebastian@fds-team.de

Changes in v2:

• We can't really use memcmp because it could allow exploits with special input, like "abc\0def", where it would probably compare past the end of the string.

Note that you don't need special input, any comparison with a shorter string can potentially overrun.