Commit 289f7607 authored by Mark Karpilovskij's avatar Mark Karpilovskij Committed by Daniel Salzman

cookies: use const_time_memcmp

Solved Issue B from the security audit
parent acdc8737
......@@ -20,6 +20,7 @@
#include "libknot/cookies/client.h"
#include "libknot/errcode.h"
#include "libknot/rrtype/opt-cookie.h"
#include "contrib/string.h"
_public_
bool knot_cc_input_is_valid(const struct knot_cc_input *input)
......@@ -55,7 +56,7 @@ int knot_cc_check(const uint8_t *cc, uint16_t cc_len,
return KNOT_EINVAL;
}
int ret = memcmp(cc, generated_cc, generated_cc_len);
int ret = const_time_memcmp(cc, generated_cc, generated_cc_len);
if (ret != 0) {
return KNOT_EINVAL;
}
......
......@@ -20,6 +20,7 @@
#include "libknot/cookies/server.h"
#include "libknot/errcode.h"
#include "libknot/rrtype/opt-cookie.h"
#include "contrib/string.h"
_public_
bool knot_sc_input_is_valid(const struct knot_sc_input *input)
......@@ -110,7 +111,7 @@ int knot_sc_check(uint16_t nonce_len, const struct knot_dns_cookies *cookies,
}
/* Compare hashes. */
ret = memcmp(content.hash, generated_hash, generated_hash_len);
ret = const_time_memcmp(content.hash, generated_hash, generated_hash_len);
if (ret != 0) {
return KNOT_EINVAL;
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment