From feb36dbebf1f0f48f4d9f2549471d355b4ead788 Mon Sep 17 00:00:00 2001
From: Joseph Sutton
Date: Wed, 11 May 2022 12:07:43 +1200
Subject: lib/util: Change function to mem_equal_const_time()

Since memcmp_const_time() doesn't act as an exact replacement for memcmp(), and its return value is only ever compared with zero, simplify it and emphasize the intention of checking equality by returning a bool instead.

Signed-off-by: Joseph Sutton
Reviewed-by: Andrew Bartlett
---
 libcli/auth/credentials.c | 4 ++--
 libcli/auth/netlogon_creds_cli.c | 14 +++++++-------
 libcli/auth/ntlm_check.c | 8 ++++----
 3 files changed, 13 insertions(+), 13 deletions(-)

(limited to 'libcli/auth')

diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c
index bd257410c5c..a7f56e75e9e 100644
--- a/libcli/auth/credentials.c
+++ b/libcli/auth/credentials.c
@@ -659,7 +659,7 @@ bool netlogon_creds_client_check(struct netlogon_creds_CredentialState *creds,
 const struct netr_Credential *received_credentials)
 {
 if (!received_credentials ||
- memcmp_const_time(received_credentials->data, creds->server.data, 8) != 0) {
+ !mem_equal_const_time(received_credentials->data, creds->server.data, 8)) {
 DEBUG(2,("credentials check failed\n"));
 return false;
 }
@@ -678,7 +678,7 @@ next comes the server specific functions
 static bool netlogon_creds_server_check_internal(const struct netlogon_creds_CredentialState *creds,
 const struct netr_Credential *received_credentials)
 {
- if (memcmp_const_time(received_credentials->data, creds->client.data, 8) != 0) {
+ if (!mem_equal_const_time(received_credentials->data, creds->client.data, 8)) {
 DEBUG(2,("credentials check failed\n"));
 dump_data_pw("client creds", creds->client.data, 8);
 dump_data_pw("calc creds", received_credentials->data, 8);
diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon_creds_cli.c
index 889e1e8acf0..716a565128d 100644
--- a/libcli/auth/netlogon_creds_cli.c
+++ b/libcli/auth/netlogon_creds_cli.c
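Review bot: In libcli/auth/credentials.c both converted comparisons (netlogon_creds_client_check in the -659 hunk and netlogon_creds_server_check_internal in the -678 hunk) still pass the literal `8` as the length, so the number of bytes compared is not tied to the credential buffer. If `data` is a fixed-size array in struct netr_Credential (its declaration is not visible here), `!mem_equal_const_time(received_credentials->data, creds->server.data, sizeof(creds->server.data))` keeps the comparison covering the whole credential should the type ever change. The other files in this commit already size their comparisons this way with `sizeof(zero.hash)` and `sizeof(stored_nt->hash)`. Both function bodies continue outside their hunks.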
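Review bot: netlogon_creds_server_check_internal (the -678 hunk of libcli/auth/credentials.c) dereferences `received_credentials` in the new `!mem_equal_const_time(received_credentials->data, creds->client.data, 8)` without the `!received_credentials ||` guard that netlogon_creds_client_check applies in the hunk above. Its callers presumably guarantee a non-NULL pointer, but that is not visible from this hunk. Either add the same guard so a missing credential fails the check rather than being dereferenced, or record the precondition with a comment such as `/* received_credentials is never NULL here; validated by the caller */`. The function body ends outside the hunk.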
@@ -3201,7 +3201,7 @@ static void netlogon_creds_cli_ServerGetTrustInfo_done(struct tevent_req *subreq
 NTSTATUS status;
 NTSTATUS result;
 const struct samr_Password zero = {};
- int cmp;
+ bool cmp;
 bool ok;
 /*
@@ -3227,9 +3227,9 @@ static void netlogon_creds_cli_ServerGetTrustInfo_done(struct tevent_req *subreq
 return;
 }
- cmp = memcmp_const_time(state->new_owf_password.hash,
- zero.hash, sizeof(zero.hash));
- if (cmp != 0) {
+ cmp = mem_equal_const_time(state->new_owf_password.hash,
+ zero.hash, sizeof(zero.hash));
+ if (!cmp) {
 status = netlogon_creds_des_decrypt(&state->tmp_creds,
 &state->new_owf_password);
 if (tevent_req_nterror(req, status)) {
@@ -3237,9 +3237,9 @@ static void netlogon_creds_cli_ServerGetTrustInfo_done(struct tevent_req *subreq
 return;
 }
 }
- cmp = memcmp_const_time(state->old_owf_password.hash,
- zero.hash, sizeof(zero.hash));
- if (cmp != 0) {
+ cmp = mem_equal_const_time(state->old_owf_password.hash,
+ zero.hash, sizeof(zero.hash));
+ if (!cmp) {
 status = netlogon_creds_des_decrypt(&state->tmp_creds,
 &state->old_owf_password);
 if (tevent_req_nterror(req, status)) {
diff --git a/libcli/auth/ntlm_check.c b/libcli/auth/ntlm_check.c
index d71bdb3b1a4..cb4be7f6507 100644
--- a/libcli/auth/ntlm_check.c
+++ b/libcli/auth/ntlm_check.c
@@ -71,7 +71,7 @@ static bool smb_pwd_check_ntlmv1(TALLOC_CTX *mem_ctx,
 DEBUGADD(100,("Value from encryption was |\n"));
 dump_data(100, p24, 24);
 #endif
- ok = (memcmp_const_time(p24, nt_response->data, 24) == 0);
+ ok = mem_equal_const_time(p24, nt_response->data, 24);
 if (!ok) {
 return false;
 }
@@ -157,7 +157,7 @@ static bool smb_pwd_check_ntlmv2(TALLOC_CTX *mem_ctx,
 #endif
 data_blob_clear_free(&client_key_data);
- ok = (memcmp_const_time(value_from_encryption, ntv2_response->data, 16) == 0);
+ ok = mem_equal_const_time(value_from_encryption, ntv2_response->data, 16);
 if (!ok) {
 return false;
 }
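Review bot: In netlogon_creds_cli_ServerGetTrustInfo_done (libcli/auth/netlogon_creds_cli.c, -3201 hunk) the local becomes `bool cmp`, but it now holds the result of an equality test against the all-zero hash, so `if (!cmp)` reads as the opposite of what a memcmp-style name suggests. A name that states the predicate, e.g. `bool is_zero;` assigned from the same `mem_equal_const_time(...)` call and tested with `if (!is_zero) {`, makes it obvious that decryption is skipped only for an all-zero hash. The same rename applies to the new_owf_password and old_owf_password comparisons in the -3227 and -3237 hunks. The function starts and ends outside these hunks.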
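Review bot: In libcli/auth/ntlm_check.c the comparison in smb_pwd_check_ntlmv1 (`mem_equal_const_time(p24, nt_response->data, 24)`, -71 hunk) and the one in smb_pwd_check_ntlmv2 (-157 hunk, length 16) read a fixed number of bytes from a client-supplied blob, and the length check that makes those reads safe is not visible in either hunk. Assuming `nt_response->length` and `ntv2_response->length` are validated earlier in each function, a short comment at the call site such as `/* nt_response->length was checked to be 24 above */` would keep the bound next to the read. If `p24` and `value_from_encryption` are local arrays, `sizeof(p24)` and `sizeof(value_from_encryption)` in place of the literals would tie the length to the buffer. Both functions start and end outside the hunks.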
@@ -271,7 +271,7 @@ NTSTATUS hash_password_check(TALLOC_CTX *mem_ctx,
 }
 if (client_nt && stored_nt) {
- if (memcmp_const_time(client_nt->hash, stored_nt->hash, sizeof(stored_nt->hash)) == 0) {
+ if (mem_equal_const_time(client_nt->hash, stored_nt->hash, sizeof(stored_nt->hash))) {
 return NT_STATUS_OK;
 } else {
 DEBUG(3,("hash_password_check: Interactive logon: NT password check failed for user %s\n",
@@ -289,7 +289,7 @@ NTSTATUS hash_password_check(TALLOC_CTX *mem_ctx,
 return NT_STATUS_NOT_FOUND;
 }
- if (memcmp_const_time(client_lanman->hash, stored_lanman->hash, sizeof(stored_lanman->hash)) == 0) {
+ if (mem_equal_const_time(client_lanman->hash, stored_lanman->hash, sizeof(stored_lanman->hash))) {
 return NT_STATUS_OK;
 } else {
 DEBUG(3,("hash_password_check: Interactive logon: LANMAN password check failed for user %s\n",
--
cgit v1.2.1
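Review bot: In hash_password_check both converted checks (-271 and -289 hunks of libcli/auth/ntlm_check.c) keep the success-first shape `if (mem_equal_const_time(...)) { return NT_STATUS_OK; } else {`, whereas the other call sites touched by this commit test for the mismatch first. Now that the helper returns a bool, writing the rejection as the guard, `if (!mem_equal_const_time(client_nt->hash, stored_nt->hash, sizeof(stored_nt->hash))) {` followed by the existing failure logging, and leaving `return NT_STATUS_OK;` after it, would drop the `else` after a return and make every password check in this file read the same way. The else bodies continue outside the hunks, so this assumes each of them ends in a return.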