Use constant-time memcmp when comparing sensitive buffers

This helps to avoid timing attacks. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-02-17 15:35:51 +13:00
parent 20f038f4f0
commit b19633f9b9
9 changed files with 12 additions and 12 deletions
--- a/lib/gssapi/ntlm/crypto.c
+++ b/lib/gssapi/ntlm/crypto.c
@@ -230,7 +230,7 @@ v2_verify_message(gss_buffer_t in,
    if (ret)
 	return ret;

-    if (memcmp(checksum, out, 16) != 0)
+    if (ct_memcmp(checksum, out, 16) != 0)
 	return GSS_S_BAD_MIC;

    return GSS_S_COMPLETE;