- djm@cvs.openbsd.org 2010/07/13 11:52:06

[auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c] [packet.c ssh-rsa.c] implement a timing_safe_cmp() function to compare memory without leaking timing information by short-circuiting like memcmp() and use it for some of the more sensitive comparisons (though nothing high-value was readily attackable anyway); "looks ok" markus@
author: Damien Miller <djm@mindrot.org> 2010-07-16 13:57:51 +1000
committer: Damien Miller <djm@mindrot.org> 2010-07-16 13:57:51 +1000
commit: 8a0268f1b3f62292d4124f8d158e0587c4f7c330 (patch)
tree: 43493a3202569a2939f5616127d9de8689613a7b /channels.c
parent: d0244d498ba970b9d9348429eaf7a4a0ef2b903c (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/channels.c b/channels.c
index fe08257df..e52946bcd 100644
--- a/channels.c
+++ b/channels.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.306 2010/06/25 07:20:04 djm Exp $ */
+/* $OpenBSD: channels.c,v 1.307 2010/07/13 11:52:06 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -917,7 +917,7 @@ x11_open_helper(Buffer *b)
        }
        /* Check if authentication data matches our fake data. */
        if (data_len != x11_fake_data_len ||
-            memcmp(ucp + 12 + ((proto_len + 3) & ~3),
+            timing_safe_cmp(ucp + 12 + ((proto_len + 3) & ~3),
                x11_fake_data, x11_fake_data_len) != 0) {
                debug2("X11 auth data does not match fake data.");
                return -1;
author	Damien Miller <djm@mindrot.org>	2010-07-16 13:57:51 +1000
committer	Damien Miller <djm@mindrot.org>	2010-07-16 13:57:51 +1000
commit	8a0268f1b3f62292d4124f8d158e0587c4f7c330 (patch)
tree	43493a3202569a2939f5616127d9de8689613a7b /channels.c
parent	d0244d498ba970b9d9348429eaf7a4a0ef2b903c (diff)

diff --git a/channels.c b/channels.c index fe08257df..e52946bcd 100644 --- a/channels.c +++ b/channels.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: channels.c,v 1.306 2010/06/25 07:20:04 djm Exp $ */	1	/* $OpenBSD: channels.c,v 1.307 2010/07/13 11:52:06 djm Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -917,7 +917,7 @@ x11_open_helper(Buffer *b)
917	}	917	}
918	/* Check if authentication data matches our fake data. */	918	/* Check if authentication data matches our fake data. */
919	if (data_len != x11_fake_data_len \|\|	919	if (data_len != x11_fake_data_len \|\|
920	memcmp(ucp + 12 + ((proto_len + 3) & ~3),	920	timing_safe_cmp(ucp + 12 + ((proto_len + 3) & ~3),
921	x11_fake_data, x11_fake_data_len) != 0) {	921	x11_fake_data, x11_fake_data_len) != 0) {
922	debug2("X11 auth data does not match fake data.");	922	debug2("X11 auth data does not match fake data.");
923	return -1;	923	return -1;