oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Use constant-time memcmp when comparing sensitive buffers

Browse Source 
This helps to avoid timing attacks.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
This commit is contained in:
Joseph Sutton
2022-02-17 15:35:51 +13:00
committed by Jeffrey Altman
parent 20f038f4f0
commit b19633f9b9
9 changed files with 12 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
kdc/digest-service.c
View File

@@ -179,7 +179,7 @@ ntlm_service(void *ctx, const heim_idata *req,
goto failed;
if (ntq.ntChallengeResponce.length != answer.length ||
memcmp(ntq.ntChallengeResponce.data, answer.data, answer.length) != 0) {
ct_memcmp(ntq.ntChallengeResponce.data, answer.data, answer.length) != 0) {
free(answer.data);
ret = EINVAL;
goto failed;

2
kdc/digest.c
View File

@@ -1314,7 +1314,7 @@ _kdc_do_digest(krb5_context context,
}
if (ireq.u.ntlmRequest.ntlm.length != answer.length ||
memcmp(ireq.u.ntlmRequest.ntlm.data, answer.data, answer.length) != 0)
ct_memcmp(ireq.u.ntlmRequest.ntlm.data, answer.data, answer.length) != 0)
{
free(answer.data);
ret = EINVAL;