lib/util: Change function to data_blob_equal_const_time()
Since data_blob_cmp_const_time() doesn't act as an exact replacement for data_blob_cmp(), and its return value is only ever compared with zero, simplify it and emphasize the intention of checking equality by returning a bool instead. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
parent
ae6634c787
commit
a554e2ce53
@ -134,23 +134,23 @@ _PUBLIC_ int data_blob_cmp(const DATA_BLOB *d1, const DATA_BLOB *d2)
|
||||
check if two data blobs are equal, where the time taken should not depend on the
|
||||
contents of either blob.
|
||||
**/
|
||||
_PUBLIC_ int data_blob_cmp_const_time(const DATA_BLOB *d1, const DATA_BLOB *d2)
|
||||
_PUBLIC_ bool data_blob_equal_const_time(const DATA_BLOB *d1, const DATA_BLOB *d2)
|
||||
{
|
||||
int ret;
|
||||
if (d1->data == NULL && d2->data != NULL) {
|
||||
return -1;
|
||||
return false;
|
||||
}
|
||||
if (d1->data != NULL && d2->data == NULL) {
|
||||
return 1;
|
||||
return false;
|
||||
}
|
||||
if (d1->length != d2->length) {
|
||||
return false;
|
||||
}
|
||||
if (d1->data == d2->data) {
|
||||
return d1->length - d2->length;
|
||||
return true;
|
||||
}
|
||||
ret = memcmp_const_time(d1->data, d2->data, MIN(d1->length, d2->length));
|
||||
if (ret == 0) {
|
||||
return d1->length - d2->length;
|
||||
}
|
||||
return ret;
|
||||
ret = memcmp_const_time(d1->data, d2->data, d1->length);
|
||||
return ret == 0;
|
||||
}
|
||||
|
||||
/**
|
||||
|
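Review bot: The doc comment above data_blob_equal_const_time() still only promises that timing does not depend on the blob contents; it states neither the new bool return value nor that the NULL and length checks return early. I would extend it with `Returns true only if both blobs have the same length and the same contents; the lengths and NULL-ness of the blobs are not treated as secret.` so callers do not assume the length is protected as well. As written, a blob with NULL data and a zero-length blob with non-NULL data compare unequal, which is worth one sentence in the same comment if callers may pass either. The local `ret` is now used only once, so the tail could be `return memcmp_const_time(d1->data, d2->data, d1->length) == 0;`.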
@ -90,7 +90,7 @@ _PUBLIC_ int data_blob_cmp(const DATA_BLOB *d1, const DATA_BLOB *d2);
|
||||
check if two data blobs are equal, where the time taken should not depend on the
|
||||
contents of either blob.
|
||||
**/
|
||||
_PUBLIC_ int data_blob_cmp_const_time(const DATA_BLOB *d1, const DATA_BLOB *d2);
|
||||
_PUBLIC_ bool data_blob_equal_const_time(const DATA_BLOB *d1, const DATA_BLOB *d2);
|
||||
|
||||
/**
|
||||
print the data_blob as hex string
|
||||
|
@ -630,7 +630,7 @@ bool netlogon_creds_cli_validate(struct netlogon_creds_cli_context *context,
|
||||
DATA_BLOB blob2;
|
||||
NTSTATUS status;
|
||||
enum ndr_err_code ndr_err;
|
||||
int cmp;
|
||||
bool equal;
|
||||
|
||||
status = netlogon_creds_cli_get(context, frame, &creds2);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
@ -652,11 +652,11 @@ bool netlogon_creds_cli_validate(struct netlogon_creds_cli_context *context,
|
||||
return false;
|
||||
}
|
||||
|
||||
cmp = data_blob_cmp_const_time(&blob1, &blob2);
|
||||
equal = data_blob_equal_const_time(&blob1, &blob2);
|
||||
|
||||
TALLOC_FREE(frame);
|
||||
|
||||
return (cmp == 0);
|
||||
return equal;
|
||||
}
|
||||
|
||||
static NTSTATUS netlogon_creds_cli_store_internal(
|
||||
|
@ -1577,7 +1577,7 @@ NTSTATUS _netr_ServerPasswordSet2(struct pipes_struct *p,
|
||||
confounder_len = 512 - new_password.length;
|
||||
enc_blob = data_blob_const(r->in.new_password->data, confounder_len);
|
||||
dec_blob = data_blob_const(password_buf.data, confounder_len);
|
||||
if (confounder_len > 0 && data_blob_cmp_const_time(&dec_blob, &enc_blob) == 0) {
|
||||
if (confounder_len > 0 && data_blob_equal_const_time(&dec_blob, &enc_blob)) {
|
||||
DBG_WARNING("Confounder buffer not encrypted Length[%zu]\n",
|
||||
confounder_len);
|
||||
TALLOC_FREE(creds);
|
||||
@ -1592,7 +1592,7 @@ NTSTATUS _netr_ServerPasswordSet2(struct pipes_struct *p,
|
||||
new_password.length);
|
||||
dec_blob = data_blob_const(password_buf.data + confounder_len,
|
||||
new_password.length);
|
||||
if (data_blob_cmp_const_time(&dec_blob, &enc_blob) == 0) {
|
||||
if (data_blob_equal_const_time(&dec_blob, &enc_blob)) {
|
||||
DBG_WARNING("Password buffer not encrypted Length[%zu]\n",
|
||||
new_password.length);
|
||||
TALLOC_FREE(creds);
|
||||
|
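Review bot: In both _netr_ServerPasswordSet2 hunks the bool result makes `true` the rejection case, which reads as inverted without an explanation: dec_blob equal to enc_blob means decryption left the client's buffer unchanged, i.e. it was sent unencrypted. A one-line comment before each check would make that explicit, for example `/* identical before and after decryption => the client did not encrypt this buffer */`. Unlike the confounder check, the password check has no length guard, so a zero-length new_password presumably compares equal and takes the rejection path; if that is intended, the comment should say so. The same two checks appear in the dcesrv_netr_ServerPasswordSet2 hunks, and both function bodies extend beyond the hunks shown.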
@ -873,7 +873,7 @@ static NTSTATUS dcesrv_netr_ServerPasswordSet2(struct dcesrv_call_state *dce_cal
|
||||
confounder_len = 512 - new_password.length;
|
||||
enc_blob = data_blob_const(r->in.new_password->data, confounder_len);
|
||||
dec_blob = data_blob_const(password_buf.data, confounder_len);
|
||||
if (confounder_len > 0 && data_blob_cmp_const_time(&dec_blob, &enc_blob) == 0) {
|
||||
if (confounder_len > 0 && data_blob_equal_const_time(&dec_blob, &enc_blob)) {
|
||||
DBG_WARNING("Confounder buffer not encrypted Length[%zu]\n",
|
||||
confounder_len);
|
||||
return NT_STATUS_WRONG_PASSWORD;
|
||||
@ -887,7 +887,7 @@ static NTSTATUS dcesrv_netr_ServerPasswordSet2(struct dcesrv_call_state *dce_cal
|
||||
new_password.length);
|
||||
dec_blob = data_blob_const(password_buf.data + confounder_len,
|
||||
new_password.length);
|
||||
if (data_blob_cmp_const_time(&dec_blob, &enc_blob) == 0) {
|
||||
if (data_blob_equal_const_time(&dec_blob, &enc_blob)) {
|
||||
DBG_WARNING("Password buffer not encrypted Length[%zu]\n",
|
||||
new_password.length);
|
||||
return NT_STATUS_WRONG_PASSWORD;
|
||||
|