Amazing-Mirror/fragattacks
1
0
Fork 0
mirror of https://github.com/vanhoefm/fragattacks.git synced 2025-01-18 02:44:03 -05:00
Code Issues Projects Releases Wiki Activity

EAP-LEAP: Use os_memcmp_const() for hash/password comparisons

Browse Source 
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2014-06-29 20:22:17 +03:00
parent 8f92826b15
commit 7b1e745870
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/eap_peer/eap_leap.c
View File

@ -244,7 +244,7 @@ static struct wpabuf * eap_leap_process_response(struct eap_sm *sm, void *priv,
ret->methodState = METHOD_DONE; ret->methodState = METHOD_DONE;
ret->allowNotifications = FALSE; ret->allowNotifications = FALSE;
if (os_memcmp(pos, expected, LEAP_RESPONSE_LEN) != 0) { if (os_memcmp_const(pos, expected, LEAP_RESPONSE_LEN) != 0) {
wpa_printf(MSG_WARNING, "EAP-LEAP: AP sent an invalid " wpa_printf(MSG_WARNING, "EAP-LEAP: AP sent an invalid "
"response - authentication failed"); "response - authentication failed");
wpa_hexdump(MSG_DEBUG, "EAP-LEAP: Expected response from AP", wpa_hexdump(MSG_DEBUG, "EAP-LEAP: Expected response from AP",