author | Joseph Sutton <josephsutton@catalyst.net.nz> | 2022-05-11 12:07:43 +1200 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2022-06-09 22:49:29 +0000 |
commit | feb36dbebf1f0f48f4d9f2549471d355b4ead788 (patch) | |
tree | b54ff5df21115ce11b642174a098345545d1fff8 /auth | |
parent | a554e2ce53cbee584bf3c0944d466cbdf73dd3b2 (diff) | |
download | samba-feb36dbebf1f0f48f4d9f2549471d355b4ead788.tar.gz |
lib/util: Change function to mem_equal_const_time()
Since memcmp_const_time() doesn't act as an exact replacement for
memcmp(), and its return value is only ever compared with zero, simplify
it and emphasize the intention of checking equality by returning a bool
instead.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'auth')
-rw-r--r-- | auth/gensec/schannel.c | 10 | ||||
-rw-r--r-- | auth/ntlmssp/ntlmssp_ndr.c | 2 | ||||
-rw-r--r-- | auth/ntlmssp/ntlmssp_server.c | 10 | ||||
-rw-r--r-- | auth/ntlmssp/ntlmssp_sign.c | 4 |
4 files changed, 13 insertions, 13 deletions
diff --git a/auth/gensec/schannel.c b/auth/gensec/schannel.c
index 2fbfb019124..9860559668f 100644
--- a/auth/gensec/schannel.c
+++ b/auth/gensec/schannel.c
@@ -592,7 +592,7 @@ static NTSTATUS netsec_incoming_packet(struct schannel_state *state,
 uint8_t *confounder = NULL;
 uint32_t confounder_ofs = 0;
 uint8_t seq_num[8];
- int ret;
+ bool ret;
 const uint8_t *sign_data = NULL;
 size_t sign_length = 0;
 NTSTATUS status;
@@ -649,8 +649,8 @@ static NTSTATUS netsec_incoming_packet(struct schannel_state *state,
 return NT_STATUS_ACCESS_DENIED;
 }
- ret = memcmp_const_time(checksum, sig->data+16, checksum_length);
- if (ret != 0) {
+ ret = mem_equal_const_time(checksum, sig->data+16, checksum_length);
+ if (!ret) {
 dump_data_pw("calc digest:", checksum, checksum_length);
 dump_data_pw("wire digest:", sig->data+16, checksum_length);
 return NT_STATUS_ACCESS_DENIED;
@@ -665,8 +665,8 @@ static NTSTATUS netsec_incoming_packet(struct schannel_state *state,
 ZERO_ARRAY(checksum);
- ret = memcmp_const_time(seq_num, sig->data+8, 8);
- if (ret != 0) {
+ ret = mem_equal_const_time(seq_num, sig->data+8, 8);
+ if (!ret) {
 dump_data_pw("calc seq num:", seq_num, 8);
 dump_data_pw("wire seq num:", sig->data+8, 8);
 return NT_STATUS_ACCESS_DENIED;
diff --git a/auth/ntlmssp/ntlmssp_ndr.c b/auth/ntlmssp/ntlmssp_ndr.c
index 6de00427bbd..ea5d6f0f5a0 100644
--- a/auth/ntlmssp/ntlmssp_ndr.c
+++ b/auth/ntlmssp/ntlmssp_ndr.c
@@ -31,7 +31,7 @@ do { \
 if (!NDR_ERR_CODE_IS_SUCCESS(__ndr_err)) { \
 return ndr_map_error2ntstatus(__ndr_err); \
 } \
- if (memcmp_const_time(r->Signature, "NTLMSSP\0", 8)) { \
+ if (!mem_equal_const_time(r->Signature, "NTLMSSP\0", 8)) { \
 return NT_STATUS_INVALID_PARAMETER; \
 } \
 return NT_STATUS_OK; \
diff --git a/auth/ntlmssp/ntlmssp_server.c b/auth/ntlmssp/ntlmssp_server.c
index 55688602881..6a27db1b7d4 100644
--- a/auth/ntlmssp/ntlmssp_server.c
+++ b/auth/ntlmssp/ntlmssp_server.c
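Review bot: In auth/gensec/schannel.c, netsec_incoming_packet() now declares `bool ret;` and tests `if (!ret)`, but the name still reads like an int status where zero means success, so the rejection branch looks inverted to a reader used to the old memcmp-style check. Naming the variable for what it holds, e.g. `bool equal;` with `if (!equal)`, makes both NT_STATUS_ACCESS_DENIED branches self-explanatory. The same applies to `bool cmp;` in ntlmssp_server_postauth() (auth/ntlmssp/ntlmssp_server.c), where `if (!cmp)` is easy to misread as "compared equal". Both function bodies extend beyond the hunks shown.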
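Review bot: In the digest check of netsec_incoming_packet() (hunk at -649), the `if (!ret)` branch returns NT_STATUS_ACCESS_DENIED before the `ZERO_ARRAY(checksum);` that appears as context in the next hunk, so on a mismatch the locally computed checksum is left on the stack. ntlmssp_server_postauth() in this same commit wipes `mic_buffer` before its failure return; adding `ZERO_ARRAY(checksum);` ahead of the `return` here would keep the two verification paths consistent. The function body extends beyond the hunk, so check the other early returns for the same gap.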
@@ -1047,7 +1047,7 @@ static NTSTATUS ntlmssp_server_postauth(struct gensec_security *gensec_security,
 if (ntlmssp_state->new_spnego) {
 gnutls_hmac_hd_t hmac_hnd = NULL;
 uint8_t mic_buffer[NTLMSSP_MIC_SIZE] = { 0, };
- int cmp;
+ bool cmp;
 int rc;
 rc = gnutls_hmac_init(&hmac_hnd,
@@ -1095,9 +1095,9 @@ static NTSTATUS ntlmssp_server_postauth(struct gensec_security *gensec_security,
 }
 gnutls_hmac_deinit(hmac_hnd, mic_buffer);
- cmp = memcmp_const_time(request.data + NTLMSSP_MIC_OFFSET,
- mic_buffer, NTLMSSP_MIC_SIZE);
- if (cmp != 0) {
+ cmp = mem_equal_const_time(request.data + NTLMSSP_MIC_OFFSET,
+ mic_buffer, NTLMSSP_MIC_SIZE);
+ if (!cmp) {
 DEBUG(1,("%s: invalid NTLMSSP_MIC for "
 "user=[%s] domain=[%s] workstation=[%s]\n",
 __func__,
@@ -1112,7 +1112,7 @@ static NTSTATUS ntlmssp_server_postauth(struct gensec_security *gensec_security,
 ZERO_ARRAY(mic_buffer);
- if (cmp != 0) {
+ if (!cmp) {
 return NT_STATUS_INVALID_PARAMETER;
 }
 }
diff --git a/auth/ntlmssp/ntlmssp_sign.c b/auth/ntlmssp/ntlmssp_sign.c
index b831308aa2c..11e5930a8de 100644
--- a/auth/ntlmssp/ntlmssp_sign.c
+++ b/auth/ntlmssp/ntlmssp_sign.c
@@ -291,7 +291,7 @@ NTSTATUS ntlmssp_check_packet(struct ntlmssp_state *ntlmssp_state,
 if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
 if (local_sig.length != sig->length ||
- memcmp_const_time(local_sig.data, sig->data, sig->length) != 0) {
+ !mem_equal_const_time(local_sig.data, sig->data, sig->length)) {
 DEBUG(5, ("BAD SIG NTLM2: wanted signature of\n"));
 dump_data(5, local_sig.data, local_sig.length);
@@ -304,7 +304,7 @@ NTSTATUS ntlmssp_check_packet(struct ntlmssp_state *ntlmssp_state,
 }
 } else {
 if (local_sig.length != sig->length ||
- memcmp_const_time(local_sig.data + 8, sig->data + 8, sig->length - 8) != 0) {
+ !mem_equal_const_time(local_sig.data + 8, sig->data + 8, sig->length - 8)) {
 DEBUG(5, ("BAD SIG NTLM1: wanted signature of\n"));
 dump_data(5, local_sig.data, local_sig.length); |
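Review bot: In the NTLM1 branch of ntlmssp_check_packet() (auth/ntlmssp/ntlmssp_sign.c, hunk at -304), `sig->length - 8` is safe only because `local_sig.length != sig->length ||` short-circuits first and, presumably, local_sig is never shorter than 8 bytes; without that, a short wire signature would wrap the length handed to mem_equal_const_time(). That dependency deserves a comment beside the call, e.g. `/* lengths are equal here and local_sig is assumed >= 8 bytes, so the subtraction cannot wrap */`, or an explicit `sig->length < 8` rejection before the comparison. The code that builds local_sig is outside the hunk, so confirm its minimum length there.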