author | Greg Hudson <ghudson@mit.edu> | 2013-10-02 17:58:06 -0400 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2013-10-03 15:26:00 -0400 |
commit | 07d68eec2788bfe80686608813f644838707c168 (patch) | |
tree | 59c01da03dc85a005b5936ecf836eac4fe71c98b /src/plugins/preauth/pkinit/pkinit_srv.c | |
parent | ac7d07c2cc54e9f07fe81ac4c50bcc80ecc7ac54 (diff) | |
Use constant-time comparisons for checksums
Diffstat (limited to 'src/plugins/preauth/pkinit/pkinit_srv.c')
-rw-r--r-- | src/plugins/preauth/pkinit/pkinit_srv.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/src/plugins/preauth/pkinit/pkinit_srv.c b/src/plugins/preauth/pkinit/pkinit_srv.c
index 640e835ca..1179216b5 100644
--- a/src/plugins/preauth/pkinit/pkinit_srv.c
+++ b/src/plugins/preauth/pkinit/pkinit_srv.c
@@ -461,9 +461,9 @@ pkinit_server_verify_padata(krb5_context context,
 goto cleanup;
 }
 if (cksum.length != auth_pack->pkAuthenticator.paChecksum.length ||
- memcmp(cksum.contents,
- auth_pack->pkAuthenticator.paChecksum.contents,
- cksum.length)) {
+ k5_bcmp(cksum.contents,
+ auth_pack->pkAuthenticator.paChecksum.contents,
+ cksum.length) != 0) {
 pkiDebug("failed to match the checksum\n");
 #ifdef DEBUG_CKSUM
 pkiDebug("calculating checksum on buf size (%d)\n", |
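Review bot: Nothing at the call site says why `k5_bcmp` replaces `memcmp`, so a later cleanup could swap it back without noticing that the timing property is lost. A one-line comment above the `if` would pin the intent, e.g. `/* Compare in constant time so the position of the first mismatch is not leaked through timing. */`. The length test still short-circuits before the comparison, which looks fine because the checksum length is presumably not secret, and the comment could say so. The DEBUG_CKSUM block on the failure path runs past the end of the hunk, so whether it logs checksum bytes cannot be judged from here. pkinit_server_verify_padata itself starts and ends outside the hunk.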