Amazing-Mirror/fragattacks
1
0
Fork 0
mirror of https://github.com/vanhoefm/fragattacks.git synced 2025-01-29 08:14:02 -05:00
Code Issues Projects Releases Wiki Activity

EAP-MSCHAPv2: Use os_memcmp_const() for hash/password comparisons

Browse Source 
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2014-06-29 20:25:36 +03:00
parent 30411b351c
commit a6eae3f7a1
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/eap_peer/mschapv2.c
View File

@ -117,8 +117,8 @@ int mschapv2_verify_auth_response(const u8 *auth_response,
buf[0] != 'S' || buf[1] != '=' || buf[0] != 'S' || buf[1] != '=' ||
hexstr2bin((char *) (buf + 2), recv_response, hexstr2bin((char *) (buf + 2), recv_response,
MSCHAPV2_AUTH_RESPONSE_LEN) || MSCHAPV2_AUTH_RESPONSE_LEN) ||
os_memcmp(auth_response, recv_response, os_memcmp_const(auth_response, recv_response,
MSCHAPV2_AUTH_RESPONSE_LEN) != 0) MSCHAPV2_AUTH_RESPONSE_LEN) != 0)
return -1; return -1;
return 0; return 0;
} }

2
src/eap_server/eap_server_mschapv2.c
View File

@ -393,7 +393,7 @@ static void eap_mschapv2_process_response(struct eap_sm *sm,
return; return;
} }
if (os_memcmp(nt_response, expected, 24) == 0) { if (os_memcmp_const(nt_response, expected, 24) == 0) {
const u8 *pw_hash; const u8 *pw_hash;
u8 pw_hash_buf[16], pw_hash_hash[16]; u8 pw_hash_buf[16], pw_hash_hash[16];