git.samba.org
/
samba.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
ba6e390
)
libcli:smb2: Use constant time memcmp() to verify the signature
author
Andreas Schneider
<asn@samba.org>
Fri, 1 Apr 2016 08:15:39 +0000
(10:15 +0200)
committer
Andreas Schneider
<asn@cryptomilk.org>
Tue, 19 Apr 2016 07:37:14 +0000
(09:37 +0200)
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
libcli/smb/smb2_signing.c
patch
|
blob
|
history
diff --git
a/libcli/smb/smb2_signing.c
b/libcli/smb/smb2_signing.c
index b72355429ef27f56676084d66e34822d5024a84a..90d80cc9ba06811334e1c2cbe96f83364992dc88 100644
(file)
--- a/
libcli/smb/smb2_signing.c
+++ b/
libcli/smb/smb2_signing.c
@@
-167,7
+167,7
@@
NTSTATUS smb2_signing_check_pdu(DATA_BLOB signing_key,
memcpy(res, digest, 16);
}
- if (memcmp(res, sig, 16) != 0) {
+ if (memcmp
_const_time
(res, sig, 16) != 0) {
DEBUG(0,("Bad SMB2 signature for message\n"));
dump_data(0, sig, 16);
dump_data(0, res, 16);