From ca446a51924a66b066ef934a8ea99c480d9d302d Mon Sep 17 00:00:00 2001
From: Jayson Reis
Date: Wed, 19 Feb 2020 17:27:55 +0100
Subject: [PATCH] Change fixed_time_eq to avoid undefined behavior

If both slices have len() == 0, get_unchecked will have an undefined behavior
---
 src/util.rs | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/util.rs b/src/util.rs
index 52acc6bf..a15fd187 100644
--- a/src/util.rs
+++ b/src/util.rs
@@ -41,7 +41,7 @@ pub fn secure_memset(dst: &mut [u8], val: u8) {
 /// Compare two vectors using a fixed number of operations. If the two vectors are not of equal
 /// length, the function returns false immediately.
 pub fn fixed_time_eq(lhs: &[u8], rhs: &[u8]) -> bool {
-    if lhs.len() != rhs.len() {
+    if lhs.len() != rhs.len() || lhs.len() == 0 {
         false
     } else {
         let count = lhs.len() as libc::size_t;
@@ -76,5 +76,6 @@ mod test {
         assert!(!fixed_time_eq(&a, &e));
         assert!(!fixed_time_eq(&a, &f));
         assert!(!fixed_time_eq(&a, &g));
+        assert!(!fixed_time_eq(&[], &[]));
     }
 }
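Review bot: The new `|| lhs.len() == 0` guard makes two empty slices compare unequal, but the doc comment two lines above still only promises `false` for a length mismatch, so a caller reading the docs will expect `fixed_time_eq(&[], &[])` to be `true`. Since the test added in the second hunk deliberately pins the `false` result, the contract should say so; I would add `/// Empty inputs always compare unequal, even to each other, so the length-unchecked` followed by `/// comparison below is never entered with a zero-length slice.` to the doc comment. As a point of style, clippy's `len_zero` lint will flag this line and prefer `lhs.is_empty()`. The rest of the body, including the comparison that the commit message says uses `get_unchecked`, lies outside the hunk; a `debug_assert!(!lhs.is_empty())` at the start of that block would presumably record the invariant this guard now establishes, though I cannot see the block to confirm its shape.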