git.samba.org / metze / samba / wip.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 16120b7) | patch
CVE-2022-3437 third_party/heimdal: Use constant-time memcmp() in unwrap_des3()
authorJoseph Sutton <josephsutton@catalyst.net.nz>
Wed, 12 Oct 2022 00:57:55 +0000 (13:57 +1300)
committerJule Anger <janger@samba.org>
Tue, 25 Oct 2022 10:31:34 +0000 (10:31 +0000)
commitdffc997adaccaa0980911b62473470cb80969700
treef3d91c832e6e4b895dde8a5f13db027ec817925ftree
parent16120b736f28e85e7b46f8c69b7aa02073b2e26ccommit | diff
CVE-2022-3437 third_party/heimdal: Use constant-time memcmp() in unwrap_des3()

The surrounding checks all use ct_memcmp(), so this one was presumably
meant to as well.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
third_party/heimdal/lib/gssapi/krb5/unwrap.c diff | blob | history
Work in progress branches