svn commit: r341506 - stable/11/sys/netinet

Tue, 04 Dec 2018 14:53:23 -0800 

Author: tuexen
Date: Tue Dec  4 22:52:15 2018
New Revision: 341506
URL: https://svnweb.freebsd.org/changeset/base/341506

Log:
  MFC r339042:
  
  Mitigate providing a timing signal if the COOKIE or AUTH
  validation fails.
  Thanks to jmg@ for reporting the issue, which was discussed in
  https://admbugs.freebsd.org/show_bug.cgi?id=878

Modified:
  stable/11/sys/netinet/sctp_auth.c
  stable/11/sys/netinet/sctp_input.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/sctp_auth.c
==============================================================================
--- stable/11/sys/netinet/sctp_auth.c   Tue Dec  4 22:51:13 2018        
(r341505)
+++ stable/11/sys/netinet/sctp_auth.c   Tue Dec  4 22:52:15 2018        
(r341506)
@@ -1735,7 +1735,7 @@ sctp_handle_auth(struct sctp_tcb *stcb, struct sctp_au
            m, offset, computed_digest);
 
        /* compare the computed digest with the one in the AUTH chunk */
-       if (memcmp(digest, computed_digest, digestlen) != 0) {
+       if (timingsafe_bcmp(digest, computed_digest, digestlen) != 0) {
                SCTP_STAT_INCR(sctps_recvauthfailed);
                SCTPDBG(SCTP_DEBUG_AUTH1,
                    "SCTP Auth: HMAC digest check failed\n");

Modified: stable/11/sys/netinet/sctp_input.c
==============================================================================
--- stable/11/sys/netinet/sctp_input.c  Tue Dec  4 22:51:13 2018        
(r341505)
+++ stable/11/sys/netinet/sctp_input.c  Tue Dec  4 22:52:15 2018        
(r341506)
@@ -2552,7 +2552,7 @@ sctp_handle_cookie_echo(struct mbuf *m, int iphlen, in
                return (NULL);
        }
        /* compare the received digest with the computed digest */
-       if (memcmp(calc_sig, sig, SCTP_SIGNATURE_SIZE) != 0) {
+       if (timingsafe_bcmp(calc_sig, sig, SCTP_SIGNATURE_SIZE) != 0) {
                /* try the old cookie? */
                if ((cookie->time_entered.tv_sec == 
(long)ep->time_of_secret_change) &&
                    (ep->current_secret_number != ep->last_secret_number)) {
@@ -2561,7 +2561,7 @@ sctp_handle_cookie_echo(struct mbuf *m, int iphlen, in
                            (uint8_t 
*)ep->secret_key[(int)ep->last_secret_number],
                            SCTP_SECRET_SIZE, m, cookie_offset, calc_sig, 0);
                        /* compare */
-                       if (memcmp(calc_sig, sig, SCTP_SIGNATURE_SIZE) == 0)
+                       if (timingsafe_bcmp(calc_sig, sig, SCTP_SIGNATURE_SIZE) 
== 0)
                                cookie_ok = 1;
                }
        } else {
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "[email protected]"

Reply via email to