+ /* Do a compare without comprising info about
+ the size of the cookie */
+ int auth_data_pos;
+ int auth_mismatches =
+ ( auth_data_len ^
+ server_xauth->data_length );
+
+ for(auth_data_pos=0; auth_data_pos < auth_data_len; ++auth_data_pos)
+ auth_mismatches |=
+ ( buf[auth_data_pos] ^
+ server_xauth->data[auth_data_pos % server_xauth->data_length]);
+
+ if (auth_mismatches == 0)