Introduce StringVector::equals()

Allows comparing tokens with C strings without a heap allocation. Do the
same when comparing two tokens from two different StringVectors.

And use it at all places where operator ==() has an argument, which is a
StringVector::operator []() result.

Change-Id: Id36eff96767ab99b235ecbd12fb14446a3efa869
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/90201
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>

1 files changed, 4 insertions, 3 deletions

diff --git a/wsd/FileServer.cpp b/wsd/FileServer.cpp
index d7db1e80cd..ce9e127560 100644
--- a/wsd/FileServer.cpp
+++ b/wsd/FileServer.cpp
@@ -147,8 +147,8 @@ bool isConfigAuthOk(const std::string& userProvidedUsr, const std::string& userP
         std::vector<unsigned char> saltData;
         StringVector tokens = LOOLProtocol::tokenize(securePass, '.');
         if (tokens.size() != 5 ||
-            tokens[0] != "pbkdf2" ||
-            tokens[1] != "sha512" ||
+            !tokens.equals(0, "pbkdf2") ||
+            !tokens.equals(1, "sha512") ||
             !Util::dataFromHexString(tokens[3], saltData))
         {
             LOG_ERR("Incorrect format detected for secure_password in config file." << useLoolconfig);
@@ -167,7 +167,8 @@ bool isConfigAuthOk(const std::string& userProvidedUsr, const std::string& userP
             stream << std::hex << std::setw(2) << std::setfill('0') << static_cast<int>(userProvidedPwdHash[j]);
 
         // now compare the hashed user-provided pwd against the stored hash
-        return stream.str() == tokens[4];
+        std::string string = stream.str();
+        return tokens.equals(4, string.c_str());
 #else
         const std::string pass = config.getString("admin_console.password", "");
         LOG_ERR("The config file has admin_console.secure_password setting, "