author | Matthew Dempsky <matthew@cvs.openbsd.org> | 2010-07-20 15:36:04 +0000 |
---|---|---|
committer | Matthew Dempsky <matthew@cvs.openbsd.org> | 2010-07-20 15:36:04 +0000 |
commit | f95bf0159b9d317656e04f36a7b45f5984a04918 (patch) | |
tree | ad30ebd92f81eada1f3fafedd81cc6fbf3209fa4 /sys/netinet | |
parent | c423123010a4d3b4ee7bbd318a9d01bad08b80a2 (diff) |
Switch some obvious network stack MAC comparisons from bcmp() to
timingsafe_bcmp().
ok deraadt@; committed over WPA.
Diffstat (limited to 'sys/netinet')
-rw-r--r-- | sys/netinet/ip_ah.c | 4 | ||||
-rw-r--r-- | sys/netinet/ip_carp.c | 4 | ||||
-rw-r--r-- | sys/netinet/ip_esp.c | 4 | ||||
-rw-r--r-- | sys/netinet/tcp_input.c | 6 |
4 files changed, 9 insertions, 9 deletions
diff --git a/sys/netinet/ip_ah.c b/sys/netinet/ip_ah.c
index eae796f36af..013c0fdb9ad 100644
--- a/sys/netinet/ip_ah.c
+++ b/sys/netinet/ip_ah.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ah.c,v 1.97 2010/07/09 16:58:06 reyk Exp $ */
+/* $OpenBSD: ip_ah.c,v 1.98 2010/07/20 15:36:03 matthew Exp $ */
 /*
 * The authors of this code are John Ioannidis (ji@tla.org),
 * Angelos D. Keromytis (kermit@csd.uch.gr) and
@@ -815,7 +815,7 @@ ah_input_cb(void *op)
 ptr = (caddr_t) (tc + 1);
 /* Verify authenticator. */
- if (bcmp(ptr + skip + rplen, calc, ahx->authsize)) {
+ if (timingsafe_bcmp(ptr + skip + rplen, calc, ahx->authsize)) {
 free(tc, M_XDATA);
 DPRINTF(("ah_input(): authentication failed for "
diff --git a/sys/netinet/ip_carp.c b/sys/netinet/ip_carp.c
index af64fd19e40..0ba78e71bf3 100644
--- a/sys/netinet/ip_carp.c
+++ b/sys/netinet/ip_carp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_carp.c,v 1.175 2010/04/25 17:38:53 mpf Exp $ */
+/* $OpenBSD: ip_carp.c,v 1.176 2010/07/20 15:36:03 matthew Exp $ */
 /*
 * Copyright (c) 2002 Michael Shalayeff. All rights reserved.
@@ -392,7 +392,7 @@ carp_hmac_verify(struct carp_vhost_entry *vhe, u_int32_t counter[2],
 for (i = 0; i < HMAC_MAX; i++) {
 carp_hmac_generate(vhe, counter, md2, i);
- if (!bcmp(md, md2, sizeof(md2)))
+ if (!timingsafe_bcmp(md, md2, sizeof(md2)))
 return (0);
 }
 return (1);
diff --git a/sys/netinet/ip_esp.c b/sys/netinet/ip_esp.c
index 66f50499e50..a843c0eb18e 100644
--- a/sys/netinet/ip_esp.c
+++ b/sys/netinet/ip_esp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_esp.c,v 1.110 2010/07/09 16:58:06 reyk Exp $ */
+/* $OpenBSD: ip_esp.c,v 1.111 2010/07/20 15:36:03 matthew Exp $ */
 /*
 * The authors of this code are John Ioannidis (ji@tla.org),
 * Angelos D. Keromytis (kermit@csd.uch.gr) and
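Review bot: The comment above the comparison in ah_input_cb still reads only `/* Verify authenticator. */`, so nothing at the call site records why `timingsafe_bcmp()` replaced `bcmp()`, and a later cleanup could swap it back. I would extend it to `/* Verify authenticator; constant-time so a mismatch does not reveal how many leading bytes were correct. */`. The same applies to the `/* Verify authenticator */` comment in the esp_input_cb hunk of ip_esp.c. Both functions start and end outside their hunks, so whether `ahx->authsize` and `esph->authsize` are bounded against the received data before this point cannot be confirmed from here.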
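Review bot: In carp_hmac_verify the negated call `if (!timingsafe_bcmp(md, md2, sizeof(md2)))` reads as "not timing-safe" at a glance, and the function itself returns 0 for a match, so two inverted conventions meet on one line. Writing it as `if (timingsafe_bcmp(md, md2, sizeof(md2)) == 0)` makes the match case explicit. The loop still returns on the first variant that matches, which appears to expose only which HMAC variant matched rather than any digest bytes; a one-line comment saying so would save the next reader the analysis. The length relies on `md` holding at least `sizeof(md2)` bytes, and both declarations are outside the hunk.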
@@ -559,7 +559,7 @@ esp_input_cb(void *op)
 ptr = (caddr_t) (tc + 1);
 /* Verify authenticator */
- if (bcmp(ptr, aalg, esph->authsize)) {
+ if (timingsafe_bcmp(ptr, aalg, esph->authsize)) {
 free(tc, M_XDATA);
 DPRINTF(("esp_input_cb(): authentication failed for packet in SA %s/%08x\n", ipsp_address(tdb->tdb_dst), ntohl(tdb->tdb_spi)));
 espstat.esps_badauth++;
diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c
index 3516af7deb8..d923a3c6713 100644
--- a/sys/netinet/tcp_input.c
+++ b/sys/netinet/tcp_input.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tcp_input.c,v 1.234 2010/07/09 16:58:06 reyk Exp $ */
+/* $OpenBSD: tcp_input.c,v 1.235 2010/07/20 15:36:03 matthew Exp $ */
 /* $NetBSD: tcp_input.c,v 1.23 1996/02/13 23:43:44 christos Exp $ */
 /*
@@ -2351,7 +2351,7 @@ tcp_dooptions(struct tcpcb *tp, u_char *cp, int cnt, struct tcphdr *th,
 if (optlen != TCPOLEN_SIGNATURE)
 continue;
- if (sigp && bcmp(sigp, cp + 2, 16))
+ if (sigp && timingsafe_bcmp(sigp, cp + 2, 16))
 return (-1);
 sigp = cp + 2;
@@ -2419,7 +2419,7 @@ tcp_dooptions(struct tcpcb *tp, u_char *cp, int cnt, struct tcphdr *th,
 if (tcp_signature(tdb, tp->pf, m, th, iphlen, 1, sig) < 0)
 return (-1);
- if (bcmp(sig, sigp, 16)) {
+ if (timingsafe_bcmp(sig, sigp, 16)) {
 tcpstat.tcps_rcvbadsig++;
 return (-1);
 }
|
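Review bot: The digest length is the bare literal `16` in `timingsafe_bcmp(sigp, cp + 2, 16)` in the @@ -2351 hunk and again in `timingsafe_bcmp(sig, sigp, 16)` in the @@ -2419 hunk, right next to a check that already uses the named `TCPOLEN_SIGNATURE`. If `sig` is a fixed-size array (its declaration is outside both hunks), `timingsafe_bcmp(sig, sigp, sizeof(sig))` in the second hunk would tie the compare size to the buffer, and the first could share a named length. In the first comparison both operands appear to be signature options from the same received segment (`sigp` is assigned from `cp + 2` just below), so the constant-time call is harmless there but is not protecting a computed secret; a short comment such as `/* duplicate signature options must agree */` would make that intent clear. tcp_dooptions starts and ends outside both hunks.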