Date: Mon, 1 Oct 2018 16:07:21 +0200 From: Michael Tuexen <tuexen@freebsd.org> To: src-committers <src-committers@freebsd.org>, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r339042 - head/sys/netinet Message-ID: <4DA0784B-9ED3-4A9E-B786-BF0608D7E6DA@freebsd.org> In-Reply-To: <201810011405.w91E5WbA032630@repo.freebsd.org> References: <201810011405.w91E5WbA032630@repo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> On 1. Oct 2018, at 16:05, Michael Tuexen <tuexen@FreeBSD.org> wrote: >=20 > Author: tuexen > Date: Mon Oct 1 14:05:31 2018 > New Revision: 339042 > URL: https://svnweb.freebsd.org/changeset/base/339042 >=20 > Log: > Mitigate providing a timing signal if the COOKIE or AUTH > validation fails. > Thanks to jmg@ for reporting the issue, which was discussed in > https://admbugs.freebsd.org/show_bug.cgi?id=3D878 >=20 > Approved by: re (TBD@) Should have been re (gjb@). Best regards Michael > MFC after: 1 week >=20 > Modified: > head/sys/netinet/sctp_auth.c > head/sys/netinet/sctp_input.c >=20 > Modified: head/sys/netinet/sctp_auth.c > = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D > --- head/sys/netinet/sctp_auth.c Mon Oct 1 14:02:29 2018 = (r339041) > +++ head/sys/netinet/sctp_auth.c Mon Oct 1 14:05:31 2018 = (r339042) > @@ -1706,7 +1706,7 @@ sctp_handle_auth(struct sctp_tcb *stcb, struct = sctp_au > m, offset, computed_digest); >=20 > /* compare the computed digest with the one in the AUTH chunk */ > - if (memcmp(digest, computed_digest, digestlen) !=3D 0) { > + if (timingsafe_bcmp(digest, computed_digest, digestlen) !=3D 0) = { > SCTP_STAT_INCR(sctps_recvauthfailed); > SCTPDBG(SCTP_DEBUG_AUTH1, > "SCTP Auth: HMAC digest check failed\n"); >=20 > Modified: head/sys/netinet/sctp_input.c > = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D > --- head/sys/netinet/sctp_input.c Mon Oct 1 14:02:29 2018 = (r339041) > +++ head/sys/netinet/sctp_input.c Mon Oct 1 14:05:31 2018 = (r339042) > @@ -2554,7 +2554,7 @@ sctp_handle_cookie_echo(struct mbuf *m, int = iphlen, in > return (NULL); > } > /* compare the received digest with the computed digest */ > - if (memcmp(calc_sig, sig, SCTP_SIGNATURE_SIZE) !=3D 0) { > + if (timingsafe_bcmp(calc_sig, sig, SCTP_SIGNATURE_SIZE) !=3D 0) = { > /* try the old cookie? */ > if ((cookie->time_entered.tv_sec =3D=3D = (long)ep->time_of_secret_change) && > (ep->current_secret_number !=3D = ep->last_secret_number)) { > @@ -2563,7 +2563,7 @@ sctp_handle_cookie_echo(struct mbuf *m, int = iphlen, in > (uint8_t = *)ep->secret_key[(int)ep->last_secret_number], > SCTP_SECRET_SIZE, m, cookie_offset, = calc_sig, 0); > /* compare */ > - if (memcmp(calc_sig, sig, SCTP_SIGNATURE_SIZE) = =3D=3D 0) > + if (timingsafe_bcmp(calc_sig, sig, = SCTP_SIGNATURE_SIZE) =3D=3D 0) > cookie_ok =3D 1; > } > } else { >=20
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4DA0784B-9ED3-4A9E-B786-BF0608D7E6DA>