Bugfix: utils: Avoid potential modulo by 0 if secret is zero length

Author: luke-jr

src/datum_utils.c

@@ -735,11 +735,15 @@ int datum_atoi_strict(const char * const s, const size_t size) {
 	return (ret == UINT64_MAX || ret > INT_MAX) ? -1 : ret;
 }
 
-bool datum_secure_strequals(const char *secret, const size_t secret_len, const char *guess) {
+bool datum_secure_strequals(const char *secret, size_t secret_len, const char *guess) {
 	const size_t guess_len = strlen(guess);
 	size_t acc = secret_len ^ guess_len;
+	if (!secret_len) {
+		secret = "";  // null byte avoids dereferencing out of bounds
+		secret_len = 1;
+	}
 	for (size_t i = 0; i < guess_len; ++i) {
-		acc |= ((size_t)guess[i]) ^ ((size_t)secret[i % guess_len]);
+		acc |= ((size_t)guess[i]) ^ ((size_t)secret[i % secret_len]);
 	}
 	return !acc;
 }

src/datum_utils_tests.c

@@ -48,6 +48,9 @@ void datum_utils_tests(void) {
 	/* guess longer than secret */
 	datum_test(!datum_secure_strequals(secret, secret_len, "abcd"));
 
+	/* guess shorter than secret */
+	datum_test(!datum_secure_strequals(secret, secret_len, "ab"));
+	
 	/* guess repeats secret but is longer */
 	datum_test(!datum_secure_strequals(secret, secret_len, "abcabc"));