From: yasuoka
Date: Thu, 8 Aug 2024 09:16:37 +0000 (+0000)
Subject: Use timingsafe_memcmp() when comparing the authenticators. from iij.
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=9c0ae8ffc6ba0cfaabfcb5ac09025f7b33b78adb;p=openbsd
Use timingsafe_memcmp() when comparing the authenticators. from iij.
---
diff --git a/lib/libradius/radius.c b/lib/libradius/radius.c
index f1a20cc5c0a..db351ea97cd 100644
--- a/lib/libradius/radius.c
+++ b/lib/libradius/radius.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: radius.c,v 1.4 2023/07/08 08:53:26 yasuoka Exp $ */
+/* $OpenBSD: radius.c,v 1.5 2024/08/08 09:16:37 yasuoka Exp $ */
 /*-
 * Copyright (c) 2009 Internet Initiative Japan Inc.
@@ -261,7 +261,8 @@ radius_check_response_authenticator(const RADIUS_PACKET * packet,
 uint8_t authenticator[16];
 radius_calc_response_authenticator(authenticator, packet, secret);
- return (memcmp(authenticator, packet->pdata->authenticator, 16));
+ return (timingsafe_memcmp(authenticator, packet->pdata->authenticator,
+ 16));
 }
 void
@@ -299,7 +300,8 @@ radius_check_accounting_request_authenticator(const RADIUS_PACKET * packet,
 radius_calc_accounting_request_authenticator(authenticator, packet, secret);
- return (memcmp(authenticator, packet->pdata->authenticator, 16));
+ return (timingsafe_memcmp(authenticator, packet->pdata->authenticator,
+ 16));
 }
diff --git a/lib/libradius/radius_msgauth.c b/lib/libradius/radius_msgauth.c
index bbc26e77ac3..97170b65dbc 100644
--- a/lib/libradius/radius_msgauth.c
+++ b/lib/libradius/radius_msgauth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: radius_msgauth.c,v 1.3 2024/07/24 08:19:16 yasuoka Exp $ */
+/* $OpenBSD: radius_msgauth.c,v 1.4 2024/08/08 09:16:37 yasuoka Exp $ */
 /*-
 * Copyright (c) 2009 Internet Initiative Japan Inc.
@@ -149,5 +149,5 @@ radius_check_message_authenticator(RADIUS_PACKET * packet, const char *secret)
 if (len != sizeof(ma1))
 return (-1);
- return (memcmp(ma0, ma1, sizeof(ma1)));
+ return (timingsafe_memcmp(ma0, ma1, sizeof(ma1)));
 }
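Review bot: The comparison length is still the bare literal `16` in both new return statements in radius.c, here in radius_check_response_authenticator and again in radius_check_accounting_request_authenticator in the next hunk, while the radius_msgauth.c hunk of the same commit uses `sizeof(ma1)`. Writing `sizeof(authenticator)` would tie the constant-time comparison to the local buffer, which is declared as `uint8_t authenticator[16]` in this hunk's context. A short comment above each return, such as `/* 0 if the authenticator matches, non-zero otherwise; compared in constant time */`, would also record why plain memcmp() must not come back in a later cleanup. Both function bodies start outside their hunks, so the parameter lists and any earlier checks are not visible here.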
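Review bot: The early `return (-1)` on a length mismatch and the value passed through from timingsafe_memcmp() share one int in radius_check_message_authenticator, so a caller cannot reliably tell a malformed attribute from a failed comparison and has to treat every non-zero result as a verification failure. A comment on the function would make that contract explicit, for example `/* returns 0 only when the Message-Authenticator verifies; any non-zero value is a failure */`. Since only equality matters here, `timingsafe_bcmp(ma0, ma1, sizeof(ma1))` would express the intent more directly and avoid handing an ordering to callers; that is a judgment call, as both are constant-time. The declarations of ma0, ma1 and len lie outside the hunk, so what they hold is inferred from the names.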