From 5562d722d661c64303f9345ba49c41b324ef0135 Mon Sep 17 00:00:00 2001
From: blinkysc <37940565+blinkysc@users.noreply.github.com>
Date: Mon, 31 Mar 2025 11:50:48 -0500
Subject: [PATCH] fix(Warden) Warden Anti-Cheat Timing Attack Protection MAC (#21824)
---
 src/server/game/Warden/WardenMac.cpp | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/server/game/Warden/WardenMac.cpp b/src/server/game/Warden/WardenMac.cpp
index 53883f18c..d3e7f4a60 100644
--- a/src/server/game/Warden/WardenMac.cpp
+++ b/src/server/game/Warden/WardenMac.cpp
@@ -26,6 +26,7 @@
 #include "WardenModuleMac.h"
 #include "WorldPacket.h"
 #include "WorldSession.h"
+#include
 WardenMac::WardenMac() : Warden()
 {
@@ -152,8 +153,8 @@ void WardenMac::HandleHashResult(ByteBuffer& buff)
 //const uint8 validHash[20] = { 0x56, 0x8C, 0x05, 0x4C, 0x78, 0x1A, 0x97, 0x2A, 0x60, 0x37, 0xA2, 0x29, 0x0C, 0x22, 0xB5, 0x25, 0x71, 0xA0, 0x6F, 0x4E };
- // Verify key
- if (memcmp(buff.contents() + 1, sha1.GetDigest().data(), 20) != 0)
+ // Verify key using constant-time comparison
+ if (CRYPTO_memcmp(buff.contents() + 1, sha1.GetDigest().data(), 20) != 0)
 {
 LOG_DEBUG("warden", "Request hash reply: failed");
 ApplyPenalty(0, "Request hash reply: failed");
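Review bot: The new `CRYPTO_memcmp(buff.contents() + 1, sha1.GetDigest().data(), 20)` still reads 20 bytes starting one byte into a client-supplied packet, and nothing visible in the hunk confirms the packet holds at least 21 bytes, so a short reply could be read past the end of the buffer. HandleHashResult starts and ends outside the hunk, so a length check may already exist earlier in the function; if it does not, add a guard such as `if (buff.size() < 1 + sha1.GetDigest().size())` that takes the same failure path before the comparison. Passing `sha1.GetDigest().size()` instead of the literal `20` would also keep the compared length tied to the digest type.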