diff options
| author | Matthew Dempsky <matthew@cvs.openbsd.org> | 2010-07-20 15:36:04 +0000 |
|---|---|---|
| committer | Matthew Dempsky <matthew@cvs.openbsd.org> | 2010-07-20 15:36:04 +0000 |
| commit | f95bf0159b9d317656e04f36a7b45f5984a04918 (patch) | |
| tree | ad30ebd92f81eada1f3fafedd81cc6fbf3209fa4 /sys/netinet/ip_esp.c | |
| parent | c423123010a4d3b4ee7bbd318a9d01bad08b80a2 (diff) | |
Switch some obvious network stack MAC comparisons from bcmp() to
timingsafe_bcmp().
ok deraadt@; committed over WPA.
Diffstat (limited to 'sys/netinet/ip_esp.c')
| -rw-r--r-- | sys/netinet/ip_esp.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/netinet/ip_esp.c b/sys/netinet/ip_esp.c index 66f50499e50..a843c0eb18e 100644 --- a/sys/netinet/ip_esp.c +++ b/sys/netinet/ip_esp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_esp.c,v 1.110 2010/07/09 16:58:06 reyk Exp $ */ +/* $OpenBSD: ip_esp.c,v 1.111 2010/07/20 15:36:03 matthew Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -559,7 +559,7 @@ esp_input_cb(void *op) ptr = (caddr_t) (tc + 1); /* Verify authenticator */ - if (bcmp(ptr, aalg, esph->authsize)) { + if (timingsafe_bcmp(ptr, aalg, esph->authsize)) { free(tc, M_XDATA); DPRINTF(("esp_input_cb(): authentication failed for packet in SA %s/%08x\n", ipsp_address(tdb->tdb_dst), ntohl(tdb->tdb_spi))); espstat.esps_badauth++; |