diff options
| author | Joseph Sutton <josephsutton@catalyst.net.nz> | 2022-05-11 12:07:43 +1200 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2022-06-09 22:49:29 +0000 |
| commit | feb36dbebf1f0f48f4d9f2549471d355b4ead788 (patch) | |
| tree | b54ff5df21115ce11b642174a098345545d1fff8 /libcli/auth | |
| parent | a554e2ce53cbee584bf3c0944d466cbdf73dd3b2 (diff) | |
| download | samba-feb36dbebf1f0f48f4d9f2549471d355b4ead788.tar.gz | |
lib/util: Change function to mem_equal_const_time()
Since memcmp_const_time() doesn't act as an exact replacement for
memcmp(), and its return value is only ever compared with zero, simplify
it and emphasize the intention of checking equality by returning a bool
instead.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'libcli/auth')
| -rw-r--r-- | libcli/auth/credentials.c | 4 | ||||
| -rw-r--r-- | libcli/auth/netlogon_creds_cli.c | 14 | ||||
| -rw-r--r-- | libcli/auth/ntlm_check.c | 8 |
3 files changed, 13 insertions, 13 deletions
diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c index bd257410c5c..a7f56e75e9e 100644 --- a/libcli/auth/credentials.c +++ b/libcli/auth/credentials.c @@ -659,7 +659,7 @@ bool netlogon_creds_client_check(struct netlogon_creds_CredentialState *creds, const struct netr_Credential *received_credentials) { if (!received_credentials || - memcmp_const_time(received_credentials->data, creds->server.data, 8) != 0) { + !mem_equal_const_time(received_credentials->data, creds->server.data, 8)) { DEBUG(2,("credentials check failed\n")); return false; } @@ -678,7 +678,7 @@ next comes the server specific functions static bool netlogon_creds_server_check_internal(const struct netlogon_creds_CredentialState *creds, const struct netr_Credential *received_credentials) { - if (memcmp_const_time(received_credentials->data, creds->client.data, 8) != 0) { + if (!mem_equal_const_time(received_credentials->data, creds->client.data, 8)) { DEBUG(2,("credentials check failed\n")); dump_data_pw("client creds", creds->client.data, 8); dump_data_pw("calc creds", received_credentials->data, 8); diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon_creds_cli.c index 889e1e8acf0..716a565128d 100644 --- a/libcli/auth/netlogon_creds_cli.c +++ b/libcli/auth/netlogon_creds_cli.c @@ -3201,7 +3201,7 @@ static void netlogon_creds_cli_ServerGetTrustInfo_done(struct tevent_req *subreq NTSTATUS status; NTSTATUS result; const struct samr_Password zero = {}; - int cmp; + bool cmp; bool ok; /* @@ -3227,9 +3227,9 @@ static void netlogon_creds_cli_ServerGetTrustInfo_done(struct tevent_req *subreq return; } - cmp = memcmp_const_time(state->new_owf_password.hash, - zero.hash, sizeof(zero.hash)); - if (cmp != 0) { + cmp = mem_equal_const_time(state->new_owf_password.hash, + zero.hash, sizeof(zero.hash)); + if (!cmp) { status = netlogon_creds_des_decrypt(&state->tmp_creds, &state->new_owf_password); if (tevent_req_nterror(req, status)) { @@ -3237,9 +3237,9 @@ static void netlogon_creds_cli_ServerGetTrustInfo_done(struct tevent_req *subreq return; } } - cmp = memcmp_const_time(state->old_owf_password.hash, - zero.hash, sizeof(zero.hash)); - if (cmp != 0) { + cmp = mem_equal_const_time(state->old_owf_password.hash, + zero.hash, sizeof(zero.hash)); + if (!cmp) { status = netlogon_creds_des_decrypt(&state->tmp_creds, &state->old_owf_password); if (tevent_req_nterror(req, status)) { diff --git a/libcli/auth/ntlm_check.c b/libcli/auth/ntlm_check.c index d71bdb3b1a4..cb4be7f6507 100644 --- a/libcli/auth/ntlm_check.c +++ b/libcli/auth/ntlm_check.c @@ -71,7 +71,7 @@ static bool smb_pwd_check_ntlmv1(TALLOC_CTX *mem_ctx, DEBUGADD(100,("Value from encryption was |\n")); dump_data(100, p24, 24); #endif - ok = (memcmp_const_time(p24, nt_response->data, 24) == 0); + ok = mem_equal_const_time(p24, nt_response->data, 24); if (!ok) { return false; } @@ -157,7 +157,7 @@ static bool smb_pwd_check_ntlmv2(TALLOC_CTX *mem_ctx, #endif data_blob_clear_free(&client_key_data); - ok = (memcmp_const_time(value_from_encryption, ntv2_response->data, 16) == 0); + ok = mem_equal_const_time(value_from_encryption, ntv2_response->data, 16); if (!ok) { return false; } @@ -271,7 +271,7 @@ NTSTATUS hash_password_check(TALLOC_CTX *mem_ctx, } if (client_nt && stored_nt) { - if (memcmp_const_time(client_nt->hash, stored_nt->hash, sizeof(stored_nt->hash)) == 0) { + if (mem_equal_const_time(client_nt->hash, stored_nt->hash, sizeof(stored_nt->hash))) { return NT_STATUS_OK; } else { DEBUG(3,("hash_password_check: Interactive logon: NT password check failed for user %s\n", @@ -289,7 +289,7 @@ NTSTATUS hash_password_check(TALLOC_CTX *mem_ctx, return NT_STATUS_NOT_FOUND; } - if (memcmp_const_time(client_lanman->hash, stored_lanman->hash, sizeof(stored_lanman->hash)) == 0) { + if (mem_equal_const_time(client_lanman->hash, stored_lanman->hash, sizeof(stored_lanman->hash))) { return NT_STATUS_OK; } else { DEBUG(3,("hash_password_check: Interactive logon: LANMAN password check failed for user %s\n", |