diff --git a/lib/gssapi/krb5/8003.c b/lib/gssapi/krb5/8003.c index bc6475e47..1d2f4a9bc 100644 --- a/lib/gssapi/krb5/8003.c +++ b/lib/gssapi/krb5/8003.c @@ -208,7 +208,7 @@ _gsskrb5_verify_8003_checksum( *minor_status = 0; return GSS_S_BAD_BINDINGS; } - if(memcmp(hash, p, sizeof(hash)) != 0) { + if(ct_memcmp(hash, p, sizeof(hash)) != 0) { *minor_status = 0; return GSS_S_BAD_BINDINGS; } diff --git a/lib/gssapi/krb5/arcfour.c b/lib/gssapi/krb5/arcfour.c index 326252dda..dc59e997b 100644 --- a/lib/gssapi/krb5/arcfour.c +++ b/lib/gssapi/krb5/arcfour.c @@ -301,7 +301,7 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status, return GSS_S_FAILURE; } - cmp = memcmp(cksum_data, p + 8, 8); + cmp = ct_memcmp(cksum_data, p + 8, 8); if (cmp) { *minor_status = 0; return GSS_S_BAD_MIC; @@ -666,7 +666,7 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status, return GSS_S_FAILURE; } - cmp = memcmp(cksum_data, p0 + 16, 8); /* SGN_CKSUM */ + cmp = ct_memcmp(cksum_data, p0 + 16, 8); /* SGN_CKSUM */ if (cmp) { _gsskrb5_release_buffer(minor_status, output_message_buffer); *minor_status = 0; diff --git a/lib/gssapi/krb5/cfx.c b/lib/gssapi/krb5/cfx.c index 41c563a08..119522993 100755 --- a/lib/gssapi/krb5/cfx.c +++ b/lib/gssapi/krb5/cfx.c @@ -807,7 +807,7 @@ _gssapi_unwrap_cfx_iov(OM_uint32 *minor_status, ttoken->RRC[1] = token->RRC[1]; /* Check the integrity of the header */ - if (memcmp(ttoken, token, sizeof(*token)) != 0) { + if (ct_memcmp(ttoken, token, sizeof(*token)) != 0) { major_status = GSS_S_BAD_MIC; goto failure; } @@ -1294,7 +1294,7 @@ OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status, ((gss_cfx_wrap_token)p)->RRC[1] = token->RRC[1]; /* Check the integrity of the header */ - if (memcmp(p, token, sizeof(*token)) != 0) { + if (ct_memcmp(p, token, sizeof(*token)) != 0) { krb5_data_free(&data); return GSS_S_BAD_MIC; } @@ -1496,7 +1496,7 @@ OM_uint32 _gssapi_verify_mic_cfx(OM_uint32 *minor_status, return GSS_S_DEFECTIVE_TOKEN; } - if (memcmp(token->Filler, "\xff\xff\xff\xff\xff", 5) != 0) { + if (ct_memcmp(token->Filler, "\xff\xff\xff\xff\xff", 5) != 0) { return GSS_S_DEFECTIVE_TOKEN; } diff --git a/lib/gssapi/krb5/decapsulate.c b/lib/gssapi/krb5/decapsulate.c index 7ccf0b0f7..640c064d0 100644 --- a/lib/gssapi/krb5/decapsulate.c +++ b/lib/gssapi/krb5/decapsulate.c @@ -80,9 +80,9 @@ _gssapi_verify_mech_header(u_char **str, if (mech_len != mech->length) return GSS_S_BAD_MECH; - if (memcmp(p, - mech->elements, - mech->length) != 0) + if (ct_memcmp(p, + mech->elements, + mech->length) != 0) return GSS_S_BAD_MECH; p += mech_len; *str = rk_UNCONST(p); @@ -108,7 +108,7 @@ _gsskrb5_verify_header(u_char **str, if (len < 2) return GSS_S_DEFECTIVE_TOKEN; - if (memcmp (*str, type, 2) != 0) + if (ct_memcmp (*str, type, 2) != 0) return GSS_S_DEFECTIVE_TOKEN; *str += 2; diff --git a/lib/gssapi/krb5/unwrap.c b/lib/gssapi/krb5/unwrap.c index 66afaa1b2..9f7d7f377 100644 --- a/lib/gssapi/krb5/unwrap.c +++ b/lib/gssapi/krb5/unwrap.c @@ -134,7 +134,7 @@ unwrap_des DES_set_key_unchecked (&deskey, &schedule); DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash), &schedule, &zero); - if (memcmp (p - 8, hash, 8) != 0) + if (ct_memcmp (p - 8, hash, 8) != 0) return GSS_S_BAD_MIC; /* verify sequence number */ @@ -153,9 +153,9 @@ unwrap_des _gsskrb5_decode_om_uint32(seq, &seq_number); if (context_handle->more_flags & LOCAL) - cmp = memcmp(&seq[4], "\xff\xff\xff\xff", 4); + cmp = ct_memcmp(&seq[4], "\xff\xff\xff\xff", 4); else - cmp = memcmp(&seq[4], "\x00\x00\x00\x00", 4); + cmp = ct_memcmp(&seq[4], "\x00\x00\x00\x00", 4); if (cmp != 0) { HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); @@ -226,16 +226,16 @@ unwrap_des3 if (memcmp (p, "\x04\x00", 2) != 0) /* HMAC SHA1 DES3_KD */ return GSS_S_BAD_SIG; p += 2; - if (memcmp (p, "\x02\x00", 2) == 0) { + if (ct_memcmp (p, "\x02\x00", 2) == 0) { cstate = 1; - } else if (memcmp (p, "\xff\xff", 2) == 0) { + } else if (ct_memcmp (p, "\xff\xff", 2) == 0) { cstate = 0; } else return GSS_S_BAD_MIC; p += 2; if(conf_state != NULL) *conf_state = cstate; - if (memcmp (p, "\xff\xff", 2) != 0) + if (ct_memcmp (p, "\xff\xff", 2) != 0) return GSS_S_DEFECTIVE_TOKEN; p += 2; p += 28; @@ -316,9 +316,9 @@ unwrap_des3 _gsskrb5_decode_om_uint32(seq, &seq_number); if (context_handle->more_flags & LOCAL) - cmp = memcmp(&seq[4], "\xff\xff\xff\xff", 4); + cmp = ct_memcmp(&seq[4], "\xff\xff\xff\xff", 4); else - cmp = memcmp(&seq[4], "\x00\x00\x00\x00", 4); + cmp = ct_memcmp(&seq[4], "\x00\x00\x00\x00", 4); krb5_data_free (&seq_data); if (cmp != 0) { diff --git a/lib/gssapi/krb5/verify_mic.c b/lib/gssapi/krb5/verify_mic.c index 2756d4f5b..aca186598 100644 --- a/lib/gssapi/krb5/verify_mic.c +++ b/lib/gssapi/krb5/verify_mic.c @@ -85,7 +85,7 @@ verify_mic_des DES_set_key_unchecked (&deskey, &schedule); DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash), &schedule, &zero); - if (memcmp (p - 8, hash, 8) != 0) { + if (ct_memcmp (p - 8, hash, 8) != 0) { memset (deskey, 0, sizeof(deskey)); memset (&schedule, 0, sizeof(schedule)); return GSS_S_BAD_MIC; @@ -107,9 +107,9 @@ verify_mic_des _gsskrb5_decode_om_uint32(seq, &seq_number); if (context_handle->more_flags & LOCAL) - cmp = memcmp(&seq[4], "\xff\xff\xff\xff", 4); + cmp = ct_memcmp(&seq[4], "\xff\xff\xff\xff", 4); else - cmp = memcmp(&seq[4], "\x00\x00\x00\x00", 4); + cmp = ct_memcmp(&seq[4], "\x00\x00\x00\x00", 4); if (cmp != 0) { HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); @@ -208,9 +208,9 @@ retry: _gsskrb5_decode_om_uint32(seq, &seq_number); if (context_handle->more_flags & LOCAL) - cmp = memcmp(&seq[4], "\xff\xff\xff\xff", 4); + cmp = ct_memcmp(&seq[4], "\xff\xff\xff\xff", 4); else - cmp = memcmp(&seq[4], "\x00\x00\x00\x00", 4); + cmp = ct_memcmp(&seq[4], "\x00\x00\x00\x00", 4); krb5_data_free (&seq_data); if (cmp != 0) {