]> git.saurik.com Git - apple/ipsec.git/commitdiff
projects / apple / ipsec.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (from parent 1: 886926c)
ipsec-305.20.1.tar.gz macos-10121 macos-10122 macos-10123 macos-10124 macos-10125 macos-10126 v305.20.1
authorApple <opensource@apple.com>
Tue, 29 Nov 2016 21:42:36 +0000 (21:42 +0000)
committerApple <opensource@apple.com>
Tue, 29 Nov 2016 21:42:36 +0000 (21:42 +0000)
.gitignore [new file with mode: 0644] patch | blob
ipsec-tools/racoon/isakmp_cfg.c patch | blob | blame | history
ipsec-tools/racoon/isakmp_inf.c patch | blob | blame | history
ipsec-tools/racoon/isakmp_quick.c patch | blob | blame | history

diff --git a/.gitignore b/.gitignore
new file mode 100644 (file)
index 0000000..009fb98
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,8 @@
+.DS_Store
+*.xcodeproj/project.xcworkspace
+*.xcodeproj/xcuserdata
+.svn
+build
+*~.m
+*~.c
+*~.h
diff --git a/ipsec-tools/racoon/isakmp_cfg.c b/ipsec-tools/racoon/isakmp_cfg.c
index fbf4b9ab9776b821457654bcb36618273457a1d7..3092a922252b016c6d3a765e08452b6117fc69fb 100644 (file)
--- a/ipsec-tools/racoon/isakmp_cfg.c
+++ b/ipsec-tools/racoon/isakmp_cfg.c
@@ -246,7 +246,7 @@ isakmp_cfg_r(iph1, msg)
                                goto out;
                        }
 
-                       if (memcmp(ph + 1, check->v, check->l) != 0) {
+                       if (timingsafe_bcmp(ph + 1, check->v, check->l) != 0) {
                                plog(ASL_LEVEL_ERR, 
                                    "Hash verification failed\n");
                                vfree(payload);
diff --git a/ipsec-tools/racoon/isakmp_inf.c b/ipsec-tools/racoon/isakmp_inf.c
index ea0e34bae95527e944c02a82f9363a051879929a..7c10ffd85238645eda2a64b62691a125539c9fad 100644 (file)
--- a/ipsec-tools/racoon/isakmp_inf.c
+++ b/ipsec-tools/racoon/isakmp_inf.c
@@ -326,7 +326,7 @@ isakmp_info_recv(phase1_handle_t *iph1, vchar_t *msg0)
                        goto end;
                }
 
-               if (memcmp(p, hash->v, hash->l) != 0) {
+               if (timingsafe_bcmp(p, hash->v, hash->l) != 0) {
                        plog(ASL_LEVEL_ERR, 
                            "ignore information due to hash mismatch\n");
 
diff --git a/ipsec-tools/racoon/isakmp_quick.c b/ipsec-tools/racoon/isakmp_quick.c
index 8bb4a877c32c92fa6f25295c71ede609976283b6..808ce2b0e779a5be1f8ef7c91f5b93845c08893c 100644 (file)
--- a/ipsec-tools/racoon/isakmp_quick.c
+++ b/ipsec-tools/racoon/isakmp_quick.c
@@ -691,7 +691,7 @@ quick_i2recv(iph2, msg0)
                goto end;
        }
 
-       result = memcmp(my_hash->v, r_hash, my_hash->l);
+       result = timingsafe_bcmp(my_hash->v, r_hash, my_hash->l);
        vfree(my_hash);
 
        if (result) {
@@ -1020,7 +1020,7 @@ quick_i4recv(iph2, msg0)
                goto end;
        }
 
-       result = memcmp(my_hash->v, r_hash, my_hash->l);
+       result = timingsafe_bcmp(my_hash->v, r_hash, my_hash->l);
        vfree(my_hash);
 
        if (result) {
@@ -1357,7 +1357,7 @@ quick_r1recv(iph2, msg0)
                goto end;
        }
 
-       result = memcmp(my_hash->v, r_hash, my_hash->l);
+       result = timingsafe_bcmp(my_hash->v, r_hash, my_hash->l);
        vfree(my_hash);
 
        if (result) {
@@ -1891,7 +1891,7 @@ quick_r3recv(iph2, msg0)
                goto end;
        }
 
-       result = memcmp(my_hash->v, r_hash, my_hash->l);
+       result = timingsafe_bcmp(my_hash->v, r_hash, my_hash->l);
        vfree(my_hash);
 
        if (result) {
mirror of ipsec