From 42129d35e4510092266322168f68f3019d28bdb8 Mon Sep 17 00:00:00 2001
From: Daniel-Constantin Mierla <miconda@gmail.com>
Date: Fri, 3 May 2019 11:53:15 +0200
Subject: [PATCH] auth_ephemeral: test the lenghts for compared passwords

---
 src/modules/auth_ephemeral/authorize.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/modules/auth_ephemeral/authorize.c b/src/modules/auth_ephemeral/authorize.c
index 216332b3211..bb92a4a2190 100644
--- a/src/modules/auth_ephemeral/authorize.c
+++ b/src/modules/auth_ephemeral/authorize.c
@@ -523,8 +523,9 @@ int ki_autheph_authenticate(sip_msg_t *_m, str *susername, str *spassword)
 		{
 			LM_DBG("generated password: %.*s\n",
 				sgenerated_password.len, sgenerated_password.s);
-			if (strncmp(spassword->s, sgenerated_password.s,
-					spassword->len) == 0)
+			if (spassword->len == sgenerated_password.len
+					&& strncmp(spassword->s, sgenerated_password.s,
+						spassword->len) == 0)
 			{
 				SECRET_UNLOCK;
 				return AUTH_OK;