git.samba.org
/
samba.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
5035f1a
)
s4:libcli:smb2: Use constant time memcmp() to verify the signature
author
Andreas Schneider
<asn@samba.org>
Fri, 1 Apr 2016 08:16:25 +0000
(10:16 +0200)
committer
Andreas Schneider
<asn@cryptomilk.org>
Tue, 19 Apr 2016 07:37:14 +0000
(09:37 +0200)
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
source4/libcli/smb2/signing.c
patch
|
blob
|
history
diff --git
a/source4/libcli/smb2/signing.c
b/source4/libcli/smb2/signing.c
index 6af7a6d4a1131fbbe610baa2dc9755b3f9d08165..8f8074b170de51875cd38cf25dff5decf72e8cc5 100644
(file)
--- a/
source4/libcli/smb2/signing.c
+++ b/
source4/libcli/smb2/signing.c
@@
-111,7
+111,7
@@
NTSTATUS smb2_check_signature(struct smb2_request_buffer *buf, DATA_BLOB session
memcpy(buf->hdr+SMB2_HDR_SIGNATURE, sig, 16);
- if (memcmp(res, sig, 16) != 0) {
+ if (memcmp
_const_time
(res, sig, 16) != 0) {
DEBUG(0,("Bad SMB2 signature for message of size %u\n",
(unsigned)buf->size-NBT_HDR_SIZE));
dump_data(0, sig, 16);