libcli:smb2: Use constant time memcmp() to verify the signature

author Andreas Schneider <asn@samba.org>

Fri, 1 Apr 2016 08:15:39 +0000 (10:15 +0200)

committer Andreas Schneider <asn@cryptomilk.org>

Tue, 19 Apr 2016 07:37:14 +0000 (09:37 +0200)
author Andreas Schneider <asn@samba.org>
Fri, 1 Apr 2016 08:15:39 +0000 (10:15 +0200)
committer Andreas Schneider <asn@cryptomilk.org>
Tue, 19 Apr 2016 07:37:14 +0000 (09:37 +0200)
diff --git a/libcli/smb/smb2_signing.c b/libcli/smb/smb2_signing.c

index b72355429ef27f56676084d66e34822d5024a84a..90d80cc9ba06811334e1c2cbe96f83364992dc88 100644 (file)
--- a/libcli/smb/smb2_signing.c
+++ b/libcli/smb/smb2_signing.c
@@ -167,7 +167,7 @@ NTSTATUS smb2_signing_check_pdu(DATA_BLOB signing_key,
                 memcpy(res, digest, 16);
         }
  
-       if (memcmp(res, sig, 16) != 0) {
+       if (memcmp_const_time(res, sig, 16) != 0) {
                 DEBUG(0,("Bad SMB2 signature for message\n"));
                 dump_data(0, sig, 16);
                 dump_data(0, res, 16);
author	Andreas Schneider <asn@samba.org>
	Fri, 1 Apr 2016 08:15:39 +0000 (10:15 +0200)
committer	Andreas Schneider <asn@cryptomilk.org>
	Tue, 19 Apr 2016 07:37:14 +0000 (09:37 +0200)