(parent: c22914f)
CVE-2022-3437 source4/heimdal: Use constant-time memcmp() in unwrap_des3()
author Joseph Sutton <josephsutton@catalyst.net.nz> Wed, 12 Oct 2022 00:57:55 +0000 (13:57 +1300)
committer Jule Anger <janger@samba.org> Mon, 24 Oct 2022 05:27:02 +0000 (07:27 +0200)
The surrounding checks all use ct_memcmp(), so this one was presumably
meant to as well.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
source4/heimdal/lib/gssapi/krb5/unwrap.c
diff --git
a/source4/heimdal/lib/gssapi/krb5/unwrap.c
b/source4/heimdal/lib/gssapi/krb5/unwrap.c
index b3da35ee9e28f4b374569d2acd0b8f50500ce6c2..7111a7944fe0d55c94fe9a1c06166722b0fe94f8 100644
(file)
--- a/
source4/heimdal/lib/gssapi/krb5/unwrap.c
+++ b/
source4/heimdal/lib/gssapi/krb5/unwrap.c
@@
-227,7
+227,7
@@
unwrap_des3
if (ret)
return ret;
- if (memcmp (p, "\x04\x00", 2) != 0) /* HMAC SHA1 DES3_KD */
+ if (
ct_
memcmp (p, "\x04\x00", 2) != 0) /* HMAC SHA1 DES3_KD */
return GSS_S_BAD_SIG;
p += 2;
if (ct_memcmp (p, "\x02\x00", 2) == 0) {
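Review bot: the changed comparison in unwrap_des3() reads two bytes at p and is followed by `p += 2`, but nothing in the visible context shows that two bytes remain in the token at that offset; please confirm that the call whose result is tested by `if (ret) return ret;` guarantees that length, or add an explicit length check before the ct_memcmp(). Separately, the commit message gives only consistency with the surrounding ct_memcmp() calls as the reason. Since the value compared against is the fixed literal "\x04\x00" (commented as HMAC SHA1 DES3_KD), the message should say whether this is a consistency and hardening change or whether a timing difference at this comparison was considered observable.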