Use constant-time memcmp when comparing sensitive buffers

This helps to avoid timing attacks. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-02-17 15:35:51 +13:00
parent 20f038f4f0
commit b19633f9b9
9 changed files with 12 additions and 12 deletions
--- a/lib/gssapi/krb5/8003.c
+++ b/lib/gssapi/krb5/8003.c
@@ -259,7 +259,7 @@ _gsskrb5_verify_8003_checksum(
    }

    if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS
-	&& (memcmp(p, zeros, sizeof(zeros)) != 0 || client_asserted_cb)) {
+	&& (ct_memcmp(p, zeros, sizeof(zeros)) != 0 || client_asserted_cb)) {
 	if(hash_input_chan_bindings(input_chan_bindings, hash) != 0) {
 	    *minor_status = 0;
 	    return GSS_S_BAD_BINDINGS;
--- a/lib/gssapi/krb5/arcfour.c
+++ b/lib/gssapi/krb5/arcfour.c
@@ -1359,7 +1359,7 @@ _gssapi_unwrap_iov_arcfour(OM_uint32 *minor_status,
 	return GSS_S_FAILURE;
    }

-    cmp = (memcmp(cksum_data, p0 + 16, 8) != 0); /* SGN_CKSUM */
+    cmp = (ct_memcmp(cksum_data, p0 + 16, 8) != 0); /* SGN_CKSUM */
    if (cmp) {
 	*minor_status = 0;
 	return GSS_S_BAD_MIC;