diff options
author | Joseph Sutton <josephsutton@catalyst.net.nz> | 2022-02-17 15:35:42 +1300 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2022-06-09 22:49:29 +0000 |
commit | ae6634c78774d2368e815dea650ba71650dd1861 (patch) | |
tree | bf361a9acf1e5eb9595b25adea734d303bad31c4 /auth | |
parent | 87f68500ed651f393e2fc6c514ab08b561a60a9b (diff) | |
download | samba-ae6634c78774d2368e815dea650ba71650dd1861.tar.gz |
auth: Use constant-time memcmp when comparing sensitive buffers
This helps to avoid timing attacks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15010
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'auth')
-rw-r--r-- | auth/gensec/schannel.c | 4 | ||||
-rw-r--r-- | auth/ntlmssp/ntlmssp_ndr.c | 2 | ||||
-rw-r--r-- | auth/ntlmssp/ntlmssp_server.c | 4 | ||||
-rw-r--r-- | auth/ntlmssp/ntlmssp_sign.c | 4 |
4 files changed, 7 insertions, 7 deletions
diff --git a/auth/gensec/schannel.c b/auth/gensec/schannel.c index 6ebbe8f3179..2fbfb019124 100644 --- a/auth/gensec/schannel.c +++ b/auth/gensec/schannel.c @@ -649,7 +649,7 @@ static NTSTATUS netsec_incoming_packet(struct schannel_state *state, return NT_STATUS_ACCESS_DENIED; } - ret = memcmp(checksum, sig->data+16, checksum_length); + ret = memcmp_const_time(checksum, sig->data+16, checksum_length); if (ret != 0) { dump_data_pw("calc digest:", checksum, checksum_length); dump_data_pw("wire digest:", sig->data+16, checksum_length); @@ -665,7 +665,7 @@ static NTSTATUS netsec_incoming_packet(struct schannel_state *state, ZERO_ARRAY(checksum); - ret = memcmp(seq_num, sig->data+8, 8); + ret = memcmp_const_time(seq_num, sig->data+8, 8); if (ret != 0) { dump_data_pw("calc seq num:", seq_num, 8); dump_data_pw("wire seq num:", sig->data+8, 8); diff --git a/auth/ntlmssp/ntlmssp_ndr.c b/auth/ntlmssp/ntlmssp_ndr.c index c8b16ccd413..6de00427bbd 100644 --- a/auth/ntlmssp/ntlmssp_ndr.c +++ b/auth/ntlmssp/ntlmssp_ndr.c @@ -31,7 +31,7 @@ do { \ if (!NDR_ERR_CODE_IS_SUCCESS(__ndr_err)) { \ return ndr_map_error2ntstatus(__ndr_err); \ } \ - if (memcmp(r->Signature, "NTLMSSP\0", 8)) {\ + if (memcmp_const_time(r->Signature, "NTLMSSP\0", 8)) { \ return NT_STATUS_INVALID_PARAMETER; \ } \ return NT_STATUS_OK; \ diff --git a/auth/ntlmssp/ntlmssp_server.c b/auth/ntlmssp/ntlmssp_server.c index e077c2f7379..55688602881 100644 --- a/auth/ntlmssp/ntlmssp_server.c +++ b/auth/ntlmssp/ntlmssp_server.c @@ -1095,8 +1095,8 @@ static NTSTATUS ntlmssp_server_postauth(struct gensec_security *gensec_security, } gnutls_hmac_deinit(hmac_hnd, mic_buffer); - cmp = memcmp(request.data + NTLMSSP_MIC_OFFSET, - mic_buffer, NTLMSSP_MIC_SIZE); + cmp = memcmp_const_time(request.data + NTLMSSP_MIC_OFFSET, + mic_buffer, NTLMSSP_MIC_SIZE); if (cmp != 0) { DEBUG(1,("%s: invalid NTLMSSP_MIC for " "user=[%s] domain=[%s] workstation=[%s]\n", diff --git a/auth/ntlmssp/ntlmssp_sign.c b/auth/ntlmssp/ntlmssp_sign.c index 89f1aa04f7a..b831308aa2c 100644 --- a/auth/ntlmssp/ntlmssp_sign.c +++ b/auth/ntlmssp/ntlmssp_sign.c @@ -291,7 +291,7 @@ NTSTATUS ntlmssp_check_packet(struct ntlmssp_state *ntlmssp_state, if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) { if (local_sig.length != sig->length || - memcmp(local_sig.data, sig->data, sig->length) != 0) { + memcmp_const_time(local_sig.data, sig->data, sig->length) != 0) { DEBUG(5, ("BAD SIG NTLM2: wanted signature of\n")); dump_data(5, local_sig.data, local_sig.length); @@ -304,7 +304,7 @@ NTSTATUS ntlmssp_check_packet(struct ntlmssp_state *ntlmssp_state, } } else { if (local_sig.length != sig->length || - memcmp(local_sig.data + 8, sig->data + 8, sig->length - 8) != 0) { + memcmp_const_time(local_sig.data + 8, sig->data + 8, sig->length - 8) != 0) { DEBUG(5, ("BAD SIG NTLM1: wanted signature of\n")); dump_data(5, local_sig.data, local_sig.length); |