Amazing-Mirror/fragattacks
1
0
Fork 0
mirror of https://github.com/vanhoefm/fragattacks.git synced 2025-01-30 08:44:03 -05:00
Code Issues Projects Releases Wiki Activity

EAP-SAKE: Use os_memcmp_const() for hash/password comparisons

Browse Source 
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2014-06-29 20:19:59 +03:00
parent 05c79d6acd
commit dfb5608139
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/eap_peer/eap_sake.c
View File

@ -315,7 +315,7 @@ static struct wpabuf * eap_sake_process_confirm(struct eap_sm *sm,
data->peerid, data->peerid_len, 0, data->peerid, data->peerid_len, 0,
wpabuf_head(reqData), wpabuf_len(reqData), wpabuf_head(reqData), wpabuf_len(reqData),
attr.mic_s, mic_s); attr.mic_s, mic_s);
if (os_memcmp(attr.mic_s, mic_s, EAP_SAKE_MIC_LEN) != 0) { if (os_memcmp_const(attr.mic_s, mic_s, EAP_SAKE_MIC_LEN) != 0) {
wpa_printf(MSG_INFO, "EAP-SAKE: Incorrect AT_MIC_S"); wpa_printf(MSG_INFO, "EAP-SAKE: Incorrect AT_MIC_S");
eap_sake_state(data, FAILURE); eap_sake_state(data, FAILURE);
ret->methodState = METHOD_DONE; ret->methodState = METHOD_DONE;

4
src/eap_server/eap_server_sake.c
View File

@ -351,7 +351,7 @@ static void eap_sake_process_challenge(struct eap_sm *sm,
data->peerid, data->peerid_len, 1, data->peerid, data->peerid_len, 1,
wpabuf_head(respData), wpabuf_len(respData), wpabuf_head(respData), wpabuf_len(respData),
attr.mic_p, mic_p); attr.mic_p, mic_p);
if (os_memcmp(attr.mic_p, mic_p, EAP_SAKE_MIC_LEN) != 0) { if (os_memcmp_const(attr.mic_p, mic_p, EAP_SAKE_MIC_LEN) != 0) {
wpa_printf(MSG_INFO, "EAP-SAKE: Incorrect AT_MIC_P"); wpa_printf(MSG_INFO, "EAP-SAKE: Incorrect AT_MIC_P");
eap_sake_state(data, FAILURE); eap_sake_state(data, FAILURE);
return; return;
@ -388,7 +388,7 @@ static void eap_sake_process_confirm(struct eap_sm *sm,
data->peerid, data->peerid_len, 1, data->peerid, data->peerid_len, 1,
wpabuf_head(respData), wpabuf_len(respData), wpabuf_head(respData), wpabuf_len(respData),
attr.mic_p, mic_p); attr.mic_p, mic_p);
if (os_memcmp(attr.mic_p, mic_p, EAP_SAKE_MIC_LEN) != 0) { if (os_memcmp_const(attr.mic_p, mic_p, EAP_SAKE_MIC_LEN) != 0) {
wpa_printf(MSG_INFO, "EAP-SAKE: Incorrect AT_MIC_P"); wpa_printf(MSG_INFO, "EAP-SAKE: Incorrect AT_MIC_P");
eap_sake_state(data, FAILURE); eap_sake_state(data, FAILURE);
} else } else