diff options
Diffstat (limited to 'source4/dsdb/samdb/ldb_modules/password_hash.c')
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/password_hash.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index faf8a35818f..1b194799b9f 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -601,7 +601,7 @@ static int password_hash_bypass(struct ldb_module *module, struct ldb_request *r "supplementalCredentialsBlob length differ"); } - if (memcmp(sce->values[0].data, blob.data, blob.length) != 0) { + if (memcmp_const_time(sce->values[0].data, blob.data, blob.length) != 0) { return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION, "supplementalCredentialsBlob memcmp differ"); } @@ -2754,7 +2754,7 @@ static int check_password_restrictions(struct setup_password_fields_io *io, WERR /* The password modify through the NT hash is encouraged and has no problems at all */ - if (!io->o.nt_hash || memcmp(io->og.nt_hash->hash, io->o.nt_hash->hash, 16) != 0) { + if (!io->o.nt_hash || memcmp_const_time(io->og.nt_hash->hash, io->o.nt_hash->hash, 16) != 0) { return make_error_and_update_badPwdCount(io, werror); } } @@ -2842,7 +2842,7 @@ static int check_password_restrictions(struct setup_password_fields_io *io, WERR /* checks the NT hash password history */ for (i = 0; i < io->o.nt_history_len; i++) { - int pw_cmp = memcmp(io->n.nt_hash, io->o.nt_history[i].hash, 16); + int pw_cmp = memcmp_const_time(io->n.nt_hash, io->o.nt_history[i].hash, 16); if (pw_cmp == 0) { ret = LDB_ERR_CONSTRAINT_VIOLATION; *werror = WERR_PASSWORD_RESTRICTION; |