svn commit: r339042 - head/sys/netinet

Michael Tuexen tuexen at freebsd.org
Mon Oct 1 14:07:39 UTC 2018 

> On 1. Oct 2018, at 16:05, Michael Tuexen <tuexen at FreeBSD.org> wrote:
> 
> Author: tuexen
> Date: Mon Oct  1 14:05:31 2018
> New Revision: 339042
> URL: https://svnweb.freebsd.org/changeset/base/339042
> 
> Log:
>  Mitigate providing a timing signal if the COOKIE or AUTH
>  validation fails.
>  Thanks to jmg@ for reporting the issue, which was discussed in
>  https://admbugs.freebsd.org/show_bug.cgi?id=878
> 
>  Approved by:            re (TBD@)
Should have been re (gjb@).

Best regards
Michael
>  MFC after:              1 week
> 
> Modified:
>  head/sys/netinet/sctp_auth.c
>  head/sys/netinet/sctp_input.c
> 
> Modified: head/sys/netinet/sctp_auth.c
> ==============================================================================
> --- head/sys/netinet/sctp_auth.c	Mon Oct  1 14:02:29 2018	(r339041)
> +++ head/sys/netinet/sctp_auth.c	Mon Oct  1 14:05:31 2018	(r339042)
> @@ -1706,7 +1706,7 @@ sctp_handle_auth(struct sctp_tcb *stcb, struct sctp_au
> 	    m, offset, computed_digest);
> 
> 	/* compare the computed digest with the one in the AUTH chunk */
> -	if (memcmp(digest, computed_digest, digestlen) != 0) {
> +	if (timingsafe_bcmp(digest, computed_digest, digestlen) != 0) {
> 		SCTP_STAT_INCR(sctps_recvauthfailed);
> 		SCTPDBG(SCTP_DEBUG_AUTH1,
> 		    "SCTP Auth: HMAC digest check failed\n");
> 
> Modified: head/sys/netinet/sctp_input.c
> ==============================================================================
> --- head/sys/netinet/sctp_input.c	Mon Oct  1 14:02:29 2018	(r339041)
> +++ head/sys/netinet/sctp_input.c	Mon Oct  1 14:05:31 2018	(r339042)
> @@ -2554,7 +2554,7 @@ sctp_handle_cookie_echo(struct mbuf *m, int iphlen, in
> 		return (NULL);
> 	}
> 	/* compare the received digest with the computed digest */
> -	if (memcmp(calc_sig, sig, SCTP_SIGNATURE_SIZE) != 0) {
> +	if (timingsafe_bcmp(calc_sig, sig, SCTP_SIGNATURE_SIZE) != 0) {
> 		/* try the old cookie? */
> 		if ((cookie->time_entered.tv_sec == (long)ep->time_of_secret_change) &&
> 		    (ep->current_secret_number != ep->last_secret_number)) {
> @@ -2563,7 +2563,7 @@ sctp_handle_cookie_echo(struct mbuf *m, int iphlen, in
> 			    (uint8_t *)ep->secret_key[(int)ep->last_secret_number],
> 			    SCTP_SECRET_SIZE, m, cookie_offset, calc_sig, 0);
> 			/* compare */
> -			if (memcmp(calc_sig, sig, SCTP_SIGNATURE_SIZE) == 0)
> +			if (timingsafe_bcmp(calc_sig, sig, SCTP_SIGNATURE_SIZE) == 0)
> 				cookie_ok = 1;
> 		}
> 	} else {
>

More information about the svn-src-head mailing list