From: Apple <opensource@apple.com>
Date: Tue, 29 Nov 2016 21:42:36 +0000 (+0000)
Subject: ipsec-305.20.1.tar.gz
X-Git-Tag: macos-10121^0
X-Git-Url: https://git.saurik.com/apple/ipsec.git/commitdiff_plain/f255a978ed5a0b035176fe69ed5a30007f5708d0?hp=886926c087c10c05fed266ba16e5f571352de3b4

ipsec-305.20.1.tar.gz
---

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..009fb98
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,8 @@
+.DS_Store
+*.xcodeproj/project.xcworkspace
+*.xcodeproj/xcuserdata
+.svn
+build
+*~.m
+*~.c
+*~.h
diff --git a/ipsec-tools/racoon/isakmp_cfg.c b/ipsec-tools/racoon/isakmp_cfg.c
index fbf4b9a..3092a92 100644
--- a/ipsec-tools/racoon/isakmp_cfg.c
+++ b/ipsec-tools/racoon/isakmp_cfg.c
@@ -246,7 +246,7 @@ isakmp_cfg_r(iph1, msg)
 				goto out;
 			}
 
-			if (memcmp(ph + 1, check->v, check->l) != 0) {
+			if (timingsafe_bcmp(ph + 1, check->v, check->l) != 0) {
 				plog(ASL_LEVEL_ERR, 
 				    "Hash verification failed\n");
 				vfree(payload);
diff --git a/ipsec-tools/racoon/isakmp_inf.c b/ipsec-tools/racoon/isakmp_inf.c
index ea0e34b..7c10ffd 100644
--- a/ipsec-tools/racoon/isakmp_inf.c
+++ b/ipsec-tools/racoon/isakmp_inf.c
@@ -326,7 +326,7 @@ isakmp_info_recv(phase1_handle_t *iph1, vchar_t *msg0)
 			goto end;
 		}
 
-		if (memcmp(p, hash->v, hash->l) != 0) {
+		if (timingsafe_bcmp(p, hash->v, hash->l) != 0) {
 			plog(ASL_LEVEL_ERR, 
 			    "ignore information due to hash mismatch\n");
 
diff --git a/ipsec-tools/racoon/isakmp_quick.c b/ipsec-tools/racoon/isakmp_quick.c
index 8bb4a87..808ce2b 100644
--- a/ipsec-tools/racoon/isakmp_quick.c
+++ b/ipsec-tools/racoon/isakmp_quick.c
@@ -691,7 +691,7 @@ quick_i2recv(iph2, msg0)
 		goto end;
 	}
 
-	result = memcmp(my_hash->v, r_hash, my_hash->l);
+	result = timingsafe_bcmp(my_hash->v, r_hash, my_hash->l);
 	vfree(my_hash);
 
 	if (result) {
@@ -1020,7 +1020,7 @@ quick_i4recv(iph2, msg0)
 		goto end;
 	}
 
-	result = memcmp(my_hash->v, r_hash, my_hash->l);
+	result = timingsafe_bcmp(my_hash->v, r_hash, my_hash->l);
 	vfree(my_hash);
 
 	if (result) {
@@ -1357,7 +1357,7 @@ quick_r1recv(iph2, msg0)
 		goto end;
 	}
 
-	result = memcmp(my_hash->v, r_hash, my_hash->l);
+	result = timingsafe_bcmp(my_hash->v, r_hash, my_hash->l);
 	vfree(my_hash);
 
 	if (result) {
@@ -1891,7 +1891,7 @@ quick_r3recv(iph2, msg0)
 		goto end;
 	}
 
-	result = memcmp(my_hash->v, r_hash, my_hash->l);
+	result = timingsafe_bcmp(my_hash->v, r_hash, my_hash->l);
 	vfree(my_hash);
 
 	if (result) {