Diffstat (limited to 'monitor.c')
-rw-r--r-- | monitor.c | 20 |
1 files changed, 10 insertions, 10 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: monitor.c,v 1.106 2010/03/07 11:57:13 dtucker Exp $ */ | 1 | /* $OpenBSD: monitor.c,v 1.108 2010/07/13 23:13:16 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> | 3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> |
4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> | 4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> |
@@ -537,7 +537,7 @@ monitor_allowed_key(u_char *blob, u_int bloblen) | |||
537 | { | 537 | { |
538 | /* make sure key is allowed */ | 538 | /* make sure key is allowed */ |
539 | if (key_blob == NULL || key_bloblen != bloblen || | 539 | if (key_blob == NULL || key_bloblen != bloblen || |
540 | memcmp(key_blob, blob, key_bloblen)) | 540 | timingsafe_bcmp(key_blob, blob, key_bloblen)) |
541 | return (0); | 541 | return (0); |
542 | return (1); | 542 | return (1); |
543 | } | 543 | } |
@@ -965,8 +965,8 @@ mm_answer_pam_init_ctx(int sock, Buffer *m) | |||
965 | int | 965 | int |
966 | mm_answer_pam_query(int sock, Buffer *m) | 966 | mm_answer_pam_query(int sock, Buffer *m) |
967 | { | 967 | { |
968 | char *name, *info, **prompts; | 968 | char *name = NULL, *info = NULL, **prompts = NULL; |
969 | u_int i, num, *echo_on; | 969 | u_int i, num = 0, *echo_on = 0; |
970 | int ret; | 970 | int ret; |
971 | 971 | ||
972 | debug3("%s", __func__); | 972 | debug3("%s", __func__); |
@@ -1146,14 +1146,14 @@ monitor_valid_userblob(u_char *data, u_int datalen) | |||
1146 | len = buffer_len(&b); | 1146 | len = buffer_len(&b); |
1147 | if ((session_id2 == NULL) || | 1147 | if ((session_id2 == NULL) || |
1148 | (len < session_id2_len) || | 1148 | (len < session_id2_len) || |
1149 | (memcmp(p, session_id2, session_id2_len) != 0)) | 1149 | (timingsafe_bcmp(p, session_id2, session_id2_len) != 0)) |
1150 | fail++; | 1150 | fail++; |
1151 | buffer_consume(&b, session_id2_len); | 1151 | buffer_consume(&b, session_id2_len); |
1152 | } else { | 1152 | } else { |
1153 | p = buffer_get_string(&b, &len); | 1153 | p = buffer_get_string(&b, &len); |
1154 | if ((session_id2 == NULL) || | 1154 | if ((session_id2 == NULL) || |
1155 | (len != session_id2_len) || | 1155 | (len != session_id2_len) || |
1156 | (memcmp(p, session_id2, session_id2_len) != 0)) | 1156 | (timingsafe_bcmp(p, session_id2, session_id2_len) != 0)) |
1157 | fail++; | 1157 | fail++; |
1158 | xfree(p); | 1158 | xfree(p); |
1159 | } | 1159 | } |
@@ -1201,7 +1201,7 @@ monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser, | |||
1201 | p = buffer_get_string(&b, &len); | 1201 | p = buffer_get_string(&b, &len); |
1202 | if ((session_id2 == NULL) || | 1202 | if ((session_id2 == NULL) || |
1203 | (len != session_id2_len) || | 1203 | (len != session_id2_len) || |
1204 | (memcmp(p, session_id2, session_id2_len) != 0)) | 1204 | (timingsafe_bcmp(p, session_id2, session_id2_len) != 0)) |
1205 | fail++; | 1205 | fail++; |
1206 | xfree(p); | 1206 | xfree(p); |
1207 | 1207 | ||
@@ -1725,9 +1725,9 @@ mm_get_kex(Buffer *m) | |||
1725 | 1725 | ||
1726 | kex = xcalloc(1, sizeof(*kex)); | 1726 | kex = xcalloc(1, sizeof(*kex)); |
1727 | kex->session_id = buffer_get_string(m, &kex->session_id_len); | 1727 | kex->session_id = buffer_get_string(m, &kex->session_id_len); |
1728 | if ((session_id2 == NULL) || | 1728 | if (session_id2 == NULL || |
1729 | (kex->session_id_len != session_id2_len) || | 1729 | kex->session_id_len != session_id2_len || |
1730 | (memcmp(kex->session_id, session_id2, session_id2_len) != 0)) | 1730 | timingsafe_bcmp(kex->session_id, session_id2, session_id2_len) != 0) |
1731 | fatal("mm_get_get: internal error: bad session id"); | 1731 | fatal("mm_get_get: internal error: bad session id"); |
1732 | kex->we_need = buffer_get_int(m); | 1732 | kex->we_need = buffer_get_int(m); |
1733 | kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; | 1733 | kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; |
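Review bot: In mm_answer_pam_query the new declaration initialises the pointer `echo_on` with `0` while the pointers declared just above it get `NULL`; writing `u_int i, num = 0, *echo_on = NULL;` keeps the null-pointer intent obvious and consistent. The rest of that function lies outside the hunk, so it cannot be confirmed from here whether these initialisers cover a failed query path or only silence a compiler warning; a one-line comment saying which would help the next reader. In the mm_get_kex hunk the unchanged fatal() text names `mm_get_get`, which looks like a typo for the function name and makes the log line harder to match to its source. The timingsafe_bcmp() call sites all test only zero versus non-zero and sit after the NULL and length checks, which fits a comparison that reports equality and not ordering.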