Date: Tue, 4 Dec 2018 22:52:16 +0000 (UTC) From: Michael Tuexen <tuexen@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r341506 - stable/11/sys/netinet Message-ID: <201812042252.wB4MqGL6019590@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: tuexen Date: Tue Dec 4 22:52:15 2018 New Revision: 341506 URL: https://svnweb.freebsd.org/changeset/base/341506 Log: MFC r339042: Mitigate providing a timing signal if the COOKIE or AUTH validation fails. Thanks to jmg@ for reporting the issue, which was discussed in https://admbugs.freebsd.org/show_bug.cgi?id=878 Modified: stable/11/sys/netinet/sctp_auth.c stable/11/sys/netinet/sctp_input.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/sctp_auth.c ============================================================================== --- stable/11/sys/netinet/sctp_auth.c Tue Dec 4 22:51:13 2018 (r341505) +++ stable/11/sys/netinet/sctp_auth.c Tue Dec 4 22:52:15 2018 (r341506) @@ -1735,7 +1735,7 @@ sctp_handle_auth(struct sctp_tcb *stcb, struct sctp_au m, offset, computed_digest); /* compare the computed digest with the one in the AUTH chunk */ - if (memcmp(digest, computed_digest, digestlen) != 0) { + if (timingsafe_bcmp(digest, computed_digest, digestlen) != 0) { SCTP_STAT_INCR(sctps_recvauthfailed); SCTPDBG(SCTP_DEBUG_AUTH1, "SCTP Auth: HMAC digest check failed\n"); Modified: stable/11/sys/netinet/sctp_input.c ============================================================================== --- stable/11/sys/netinet/sctp_input.c Tue Dec 4 22:51:13 2018 (r341505) +++ stable/11/sys/netinet/sctp_input.c Tue Dec 4 22:52:15 2018 (r341506) @@ -2552,7 +2552,7 @@ sctp_handle_cookie_echo(struct mbuf *m, int iphlen, in return (NULL); } /* compare the received digest with the computed digest */ - if (memcmp(calc_sig, sig, SCTP_SIGNATURE_SIZE) != 0) { + if (timingsafe_bcmp(calc_sig, sig, SCTP_SIGNATURE_SIZE) != 0) { /* try the old cookie? */ if ((cookie->time_entered.tv_sec == (long)ep->time_of_secret_change) && (ep->current_secret_number != ep->last_secret_number)) { @@ -2561,7 +2561,7 @@ sctp_handle_cookie_echo(struct mbuf *m, int iphlen, in (uint8_t *)ep->secret_key[(int)ep->last_secret_number], SCTP_SECRET_SIZE, m, cookie_offset, calc_sig, 0); /* compare */ - if (memcmp(calc_sig, sig, SCTP_SIGNATURE_SIZE) == 0) + if (timingsafe_bcmp(calc_sig, sig, SCTP_SIGNATURE_SIZE) == 0) cookie_ok = 1; } } else {
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201812042252.wB4MqGL6019590>