Commit 289f7607 authored by Mark Karpilovskij Committed by Daniel Salzman

cookies: use const_time_memcmp

Solved Issue B from the security audit
parent acdc8737
...@@ -20,6 +20,7 @@ ...@@ -20,6 +20,7 @@
#include "libknot/cookies/client.h" #include "libknot/cookies/client.h"
#include "libknot/errcode.h" #include "libknot/errcode.h"
#include "libknot/rrtype/opt-cookie.h" #include "libknot/rrtype/opt-cookie.h"
#include "contrib/string.h"
_public_ _public_
bool knot_cc_input_is_valid(const struct knot_cc_input *input) bool knot_cc_input_is_valid(const struct knot_cc_input *input)
...@@ -55,7 +56,7 @@ int knot_cc_check(const uint8_t *cc, uint16_t cc_len, ...@@ -55,7 +56,7 @@ int knot_cc_check(const uint8_t *cc, uint16_t cc_len,
return KNOT_EINVAL; return KNOT_EINVAL;
} }
int ret = memcmp(cc, generated_cc, generated_cc_len); int ret = const_time_memcmp(cc, generated_cc, generated_cc_len);
if (ret != 0) { if (ret != 0) {
return KNOT_EINVAL; return KNOT_EINVAL;
} }
......
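Review bot: The compare in knot_cc_check now uses `const_time_memcmp` but has no comment saying why it must be constant-time, so a later cleanup could put `memcmp` back without anyone noticing the regression. I would add above it `/* Constant-time compare: an early-exit memcmp would leak how many leading bytes of the cookie matched. */`. The server-side compare in knot_sc_check only says `/* Compare hashes. */` and would benefit from the same wording. knot_cc_check starts and ends outside this hunk, so the check that `cc_len` equals `generated_cc_len` is presumably the early return just above the compare, but that is not visible here.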
...@@ -20,6 +20,7 @@ ...@@ -20,6 +20,7 @@
#include "libknot/cookies/server.h" #include "libknot/cookies/server.h"
#include "libknot/errcode.h" #include "libknot/errcode.h"
#include "libknot/rrtype/opt-cookie.h" #include "libknot/rrtype/opt-cookie.h"
#include "contrib/string.h"
_public_ _public_
bool knot_sc_input_is_valid(const struct knot_sc_input *input) bool knot_sc_input_is_valid(const struct knot_sc_input *input)
...@@ -110,7 +111,7 @@ int knot_sc_check(uint16_t nonce_len, const struct knot_dns_cookies *cookies, ...@@ -110,7 +111,7 @@ int knot_sc_check(uint16_t nonce_len, const struct knot_dns_cookies *cookies,
} }
/* Compare hashes. */ /* Compare hashes. */
ret = memcmp(content.hash, generated_hash, generated_hash_len); ret = const_time_memcmp(content.hash, generated_hash, generated_hash_len);
if (ret != 0) { if (ret != 0) {
return KNOT_EINVAL; return KNOT_EINVAL;
} }
......
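Review bot: The compare in knot_sc_check reads `generated_hash_len` bytes from `content.hash`, and nothing visible in this hunk shows that the length of the received hash was checked against `generated_hash_len` first. If that check is not made earlier in the function (which starts outside the hunk), a shorter received hash could make the compare read past the received data, and a constant-time comparison does not help with that. I would confirm the guard exists or add one before the compare, along the lines of `if (<received hash length> != generated_hash_len) { return KNOT_EINVAL; }`, where the placeholder stands for whatever field of `content` holds the length, since the struct is not shown here.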