diff options
| author | Damien Miller <djm@cvs.openbsd.org> | 2010-07-13 11:52:07 +0000 |
|---|---|---|
| committer | Damien Miller <djm@cvs.openbsd.org> | 2010-07-13 11:52:07 +0000 |
| commit | 439a9e4cff4f679a09620b9192027341cadd74a9 (patch) | |
| tree | c6dbcd86c0fad43fac691cee257d3494134ac0f8 /usr.bin/ssh/monitor.c | |
| parent | 8aff31586b277915a11936e9cdeae98ce64aaeb6 (diff) | |
implement a timing_safe_cmp() function to compare memory without leaking
timing information by short-circuiting like memcmp() and use it for
some of the more sensitive comparisons (though nothing high-value was
readily attackable anyway); "looks ok" markus@
Diffstat (limited to 'usr.bin/ssh/monitor.c')
| -rw-r--r-- | usr.bin/ssh/monitor.c | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/usr.bin/ssh/monitor.c b/usr.bin/ssh/monitor.c index 9e57acf8cdc..d3b9211928f 100644 --- a/usr.bin/ssh/monitor.c +++ b/usr.bin/ssh/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.106 2010/03/07 11:57:13 dtucker Exp $ */ +/* $OpenBSD: monitor.c,v 1.107 2010/07/13 11:52:06 djm Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> * Copyright 2002 Markus Friedl <markus@openbsd.org> @@ -433,7 +433,7 @@ monitor_allowed_key(u_char *blob, u_int bloblen) { /* make sure key is allowed */ if (key_blob == NULL || key_bloblen != bloblen || - memcmp(key_blob, blob, key_bloblen)) + timing_safe_cmp(key_blob, blob, key_bloblen)) return (0); return (1); } @@ -829,14 +829,14 @@ monitor_valid_userblob(u_char *data, u_int datalen) len = buffer_len(&b); if ((session_id2 == NULL) || (len < session_id2_len) || - (memcmp(p, session_id2, session_id2_len) != 0)) + (timing_safe_cmp(p, session_id2, session_id2_len) != 0)) fail++; buffer_consume(&b, session_id2_len); } else { p = buffer_get_string(&b, &len); if ((session_id2 == NULL) || (len != session_id2_len) || - (memcmp(p, session_id2, session_id2_len) != 0)) + (timing_safe_cmp(p, session_id2, session_id2_len) != 0)) fail++; xfree(p); } @@ -884,7 +884,7 @@ monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser, p = buffer_get_string(&b, &len); if ((session_id2 == NULL) || (len != session_id2_len) || - (memcmp(p, session_id2, session_id2_len) != 0)) + (timing_safe_cmp(p, session_id2, session_id2_len) != 0)) fail++; xfree(p); @@ -1361,9 +1361,9 @@ mm_get_kex(Buffer *m) kex = xcalloc(1, sizeof(*kex)); kex->session_id = buffer_get_string(m, &kex->session_id_len); - if ((session_id2 == NULL) || - (kex->session_id_len != session_id2_len) || - (memcmp(kex->session_id, session_id2, session_id2_len) != 0)) + if (session_id2 == NULL || + kex->session_id_len != session_id2_len || + timing_safe_cmp(kex->session_id, session_id2, session_id2_len) != 0) fatal("mm_get_get: internal error: bad session id"); kex->we_need = buffer_get_int(m); kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; |