author | Joseph Sutton <josephsutton@catalyst.net.nz> | 2022-05-11 12:07:43 +1200 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2022-06-09 22:49:29 +0000 |
commit | feb36dbebf1f0f48f4d9f2549471d355b4ead788 (patch) | |
tree | b54ff5df21115ce11b642174a098345545d1fff8 /libcli | |
parent | a554e2ce53cbee584bf3c0944d466cbdf73dd3b2 (diff) | |
download | samba-feb36dbebf1f0f48f4d9f2549471d355b4ead788.tar.gz |
lib/util: Change function to mem_equal_const_time()
Since memcmp_const_time() doesn't act as an exact replacement for
memcmp(), and its return value is only ever compared with zero, simplify
it and emphasize the intention of checking equality by returning a bool
instead.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'libcli')
-rw-r--r-- | libcli/auth/credentials.c | 4 | ||||
-rw-r--r-- | libcli/auth/netlogon_creds_cli.c | 14 | ||||
-rw-r--r-- | libcli/auth/ntlm_check.c | 8 | ||||
-rw-r--r-- | libcli/smb/smb2_signing.c | 2 | ||||
-rw-r--r-- | libcli/smb/smbXcli_base.c | 10 | ||||
-rw-r--r-- | libcli/smb/smb_signing.c | 4 |
6 files changed, 21 insertions, 21 deletions
diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c index bd257410c5c..a7f56e75e9e 100644 --- a/libcli/auth/credentials.c +++ b/libcli/auth/credentials.c @@ -659,7 +659,7 @@ bool netlogon_creds_client_check(struct netlogon_creds_CredentialState *creds, const struct netr_Credential *received_credentials) { if (!received_credentials || - memcmp_const_time(received_credentials->data, creds->server.data, 8) != 0) { + !mem_equal_const_time(received_credentials->data, creds->server.data, 8)) { DEBUG(2,("credentials check failed\n")); return false; } @@ -678,7 +678,7 @@ next comes the server specific functions static bool netlogon_creds_server_check_internal(const struct netlogon_creds_CredentialState *creds, const struct netr_Credential *received_credentials) { - if (memcmp_const_time(received_credentials->data, creds->client.data, 8) != 0) { + if (!mem_equal_const_time(received_credentials->data, creds->client.data, 8)) { DEBUG(2,("credentials check failed\n")); dump_data_pw("client creds", creds->client.data, 8); dump_data_pw("calc creds", received_credentials->data, 8); diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon_creds_cli.c index 889e1e8acf0..716a565128d 100644 --- a/libcli/auth/netlogon_creds_cli.c +++ b/libcli/auth/netlogon_creds_cli.c @@ -3201,7 +3201,7 @@ static void netlogon_creds_cli_ServerGetTrustInfo_done(struct tevent_req *subreq NTSTATUS status; NTSTATUS result; const struct samr_Password zero = {}; - int cmp; + bool cmp; bool ok; /* @@ -3227,9 +3227,9 @@ static void netlogon_creds_cli_ServerGetTrustInfo_done(struct tevent_req *subreq return; } - cmp = memcmp_const_time(state->new_owf_password.hash, - zero.hash, sizeof(zero.hash)); - if (cmp != 0) { + cmp = mem_equal_const_time(state->new_owf_password.hash, + zero.hash, sizeof(zero.hash)); + if (!cmp) { status = netlogon_creds_des_decrypt(&state->tmp_creds, &state->new_owf_password); if (tevent_req_nterror(req, status)) { 
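Review bot: The compare length is the bare literal `8` in both credentials.c hunks, while hash_password_check in ntlm_check.c derives it with `sizeof(stored_nt->hash)`. If `data` is a fixed-size array, as the literal suggests, `sizeof(creds->server.data)` here and `sizeof(creds->client.data)` in the @@ -678 hunk would keep the constant-time comparison covering the whole credential if the field ever changes, rather than silently checking only a prefix. The `24` and `16` in smb_pwd_check_ntlmv1 and smb_pwd_check_ntlmv2 are candidates too if `p24` and `value_from_encryption` are local arrays, which these hunks do not show.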
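Review bot: `received_credentials` is dereferenced on the first line of netlogon_creds_server_check_internal with no NULL guard, whereas netlogon_creds_client_check in the previous hunk tests `!received_credentials` before comparing. If every caller of this static helper already validates the pointer (the callers are not part of this diff), a comment above the function such as `/* received_credentials must be non-NULL; callers validate it */` would record that contract; otherwise the same guard belongs here. The function body continues past the end of the hunk.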
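Review bot: Keeping the name `cmp` for the new `bool` invites misreading, because under the memcmp convention `!cmp` meant "equal" and here `if (!cmp)` now means "the hash is not all-zero". A name that states the predicate, e.g. `bool is_zero = mem_equal_const_time(...)` followed by `if (!is_zero)`, makes the decrypt condition self-evident. The same applies to the @@ -3227 and @@ -3237 hunks, and to `bool cmp` in smb2cli_conn_dispatch_incoming (smbXcli_base.c), where `if (cmp)` gates clearing `signing_key`; a name like `sig_unchanged` would be harder to invert by accident in a later edit. The function starts and ends outside these hunks.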
@@ -3237,9 +3237,9 @@ static void netlogon_creds_cli_ServerGetTrustInfo_done(struct tevent_req *subreq return; } } - cmp = memcmp_const_time(state->old_owf_password.hash, - zero.hash, sizeof(zero.hash)); - if (cmp != 0) { + cmp = mem_equal_const_time(state->old_owf_password.hash, + zero.hash, sizeof(zero.hash)); + if (!cmp) { status = netlogon_creds_des_decrypt(&state->tmp_creds, &state->old_owf_password); if (tevent_req_nterror(req, status)) { diff --git a/libcli/auth/ntlm_check.c b/libcli/auth/ntlm_check.c index d71bdb3b1a4..cb4be7f6507 100644 --- a/libcli/auth/ntlm_check.c +++ b/libcli/auth/ntlm_check.c @@ -71,7 +71,7 @@ static bool smb_pwd_check_ntlmv1(TALLOC_CTX *mem_ctx, DEBUGADD(100,("Value from encryption was |\n")); dump_data(100, p24, 24); #endif - ok = (memcmp_const_time(p24, nt_response->data, 24) == 0); + ok = mem_equal_const_time(p24, nt_response->data, 24); if (!ok) { return false; } @@ -157,7 +157,7 @@ static bool smb_pwd_check_ntlmv2(TALLOC_CTX *mem_ctx, #endif data_blob_clear_free(&client_key_data); - ok = (memcmp_const_time(value_from_encryption, ntv2_response->data, 16) == 0); + ok = mem_equal_const_time(value_from_encryption, ntv2_response->data, 16); if (!ok) { return false; } @@ -271,7 +271,7 @@ NTSTATUS hash_password_check(TALLOC_CTX *mem_ctx, } if (client_nt && stored_nt) { - if (memcmp_const_time(client_nt->hash, stored_nt->hash, sizeof(stored_nt->hash)) == 0) { + if (mem_equal_const_time(client_nt->hash, stored_nt->hash, sizeof(stored_nt->hash))) { return NT_STATUS_OK; } else { DEBUG(3,("hash_password_check: Interactive logon: NT password check failed for user %s\n", 
@@ -289,7 +289,7 @@ NTSTATUS hash_password_check(TALLOC_CTX *mem_ctx, return NT_STATUS_NOT_FOUND; } - if (memcmp_const_time(client_lanman->hash, stored_lanman->hash, sizeof(stored_lanman->hash)) == 0) { + if (mem_equal_const_time(client_lanman->hash, stored_lanman->hash, sizeof(stored_lanman->hash))) { return NT_STATUS_OK; } else { DEBUG(3,("hash_password_check: Interactive logon: LANMAN password check failed for user %s\n", diff --git a/libcli/smb/smb2_signing.c b/libcli/smb/smb2_signing.c index 6efb87801cb..d95274c1692 100644 --- a/libcli/smb/smb2_signing.c +++ b/libcli/smb/smb2_signing.c @@ -718,7 +718,7 @@ NTSTATUS smb2_signing_check_pdu(struct smb2_signing_key *signing_key, return status; } - if (memcmp_const_time(res, sig, 16) != 0) { + if (!mem_equal_const_time(res, sig, 16)) { DEBUG(0,("Bad SMB2 (sign_algo_id=%u) signature for message\n", (unsigned)sign_algo_id)); dump_data(0, sig, 16); diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c index 60c3da5b691..a8e5aa4fdaa 100644 --- a/libcli/smb/smbXcli_base.c +++ b/libcli/smb/smbXcli_base.c @@ -3996,12 +3996,12 @@ static NTSTATUS smb2cli_conn_dispatch_incoming(struct smbXcli_conn *conn, * to the caller. */ if (signing_key) { - int cmp; + bool cmp; - cmp = memcmp_const_time(inhdr+SMB2_HDR_SIGNATURE, - state->smb2.hdr+SMB2_HDR_SIGNATURE, - 16); - if (cmp == 0) { + cmp = mem_equal_const_time(inhdr+SMB2_HDR_SIGNATURE, + state->smb2.hdr+SMB2_HDR_SIGNATURE, + 16); + if (cmp) { state->smb2.signing_skipped = true; signing_key = NULL; } diff --git a/libcli/smb/smb_signing.c b/libcli/smb/smb_signing.c index ee9b854275a..1d768ef39d0 100644 --- a/libcli/smb/smb_signing.c +++ b/libcli/smb/smb_signing.c @@ -339,7 +339,7 @@ bool smb1_signing_check_pdu(struct smb1_signing_state *si, } reply_sent_mac = &inhdr[HDR_SS_FIELD]; - good = (memcmp_const_time(reply_sent_mac, calc_md5_mac, 8) == 0); + good = mem_equal_const_time(reply_sent_mac, calc_md5_mac, 8); if (!good) { int i; 
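Review bot: On a signature mismatch in smb2_signing_check_pdu the failure path logs at level 0 and hex-dumps the received signature with `dump_data(0, sig, 16)`, so every bad PDU from a peer produces unconditional log output. Keeping the one-line `DEBUG(0, ...)` message as the detection signal is reasonable, but the dump could move to a higher debug level, e.g. `dump_data(5, sig, 16);`, to bound log growth under a stream of invalid packets. This is existing behaviour in the context lines rather than something the commit introduced, and the rest of the failure path lies outside the hunk.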
@@ -354,7 +354,7 @@ bool smb1_signing_check_pdu(struct smb1_signing_state *si, for (i = -sign_range; i < sign_range; i++) { smb1_signing_md5(&si->mac_key, inhdr, len, seqnum+i, calc_md5_mac); - if (memcmp_const_time(reply_sent_mac, calc_md5_mac, 8) == 0) { + if (mem_equal_const_time(reply_sent_mac, calc_md5_mac, 8)) { DBG_ERR("out of seq. seq num %u matches. " "We were expecting seq %u\n", (unsigned int)seqnum+i, |