s4:libcli:smb2: Use constant time memcmp() to verify the signature

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

diff --git a/source4/libcli/smb2/signing.c b/source4/libcli/smb2/signing.c
index 6af7a6d4a1131fbbe610baa2dc9755b3f9d08165..8f8074b170de51875cd38cf25dff5decf72e8cc5 100644 (file)
--- a/source4/libcli/smb2/signing.c
+++ b/source4/libcli/smb2/signing.c
@@ -111,7 +111,7 @@ NTSTATUS smb2_check_signature(struct smb2_request_buffer *buf, DATA_BLOB session
 
        memcpy(buf->hdr+SMB2_HDR_SIGNATURE, sig, 16);
 
-       if (memcmp(res, sig, 16) != 0) {
+       if (memcmp_const_time(res, sig, 16) != 0) {
                DEBUG(0,("Bad SMB2 signature for message of size %u\n", 
                         (unsigned)buf->size-NBT_HDR_SIZE));
                dump_data(0, sig, 16);