Репозитории ALT
| S: | 9.4.0-alt2 |
| D: | 4.0.0-alt0.1.rc4 |
| 5.1: | 4.0.15-alt4.M51.1 |
| 4.1: | 3.0.17-alt4 |
| 4.0: | 3.0.17-alt2.M40.1 |
| 3.0: | 1.3.22pl4-alt3 |
| +backports: | 3.0.17-alt3.M30 |
Группа :: Система/Серверы
Пакет: dhcpcd
навигация по пакетам
Главная Изменения Спек Патчи Sources Загрузить Gear Bugs and FR Repocop
Патч: auth-Use-consttime_memequal-3-to-compare-hashes.patch
Скачать
Скачать
From 7121040790b611ca3fbc400a1bbcd4364ef57233 Mon Sep 17 00:00:00 2001
From: Roy Marples <roy@marples.name>
Date: Fri, 19 Apr 2019 21:40:14 +0100
Subject: [PATCH] auth: Use consttime_memequal(3) to compare hashes
This stops any attacker from trying to infer secrets from latency.
Thanks to Maxime Villard <max@m00nbsd.net>
---
src/auth.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/auth.c b/src/auth.c
index 9e24998c..ce97051e 100644
--- a/src/auth.c
+++ b/src/auth.c
@@ -354,7 +354,7 @@ gottoken:
}
free(mm);
- if (memcmp(d, &hmac_code, dlen)) {+ if (!consttime_memequal(d, &hmac_code, dlen)) {errno = EPERM;
return NULL;
}
--
2.21.0