Suyu/mbedtls
1
0
Fork 0
mirror of https://git.suyu.dev/suyu/mbedtls.git synced 2026-01-05 22:19:11 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Safer buffer comparisons in the SSL modules

Browse source
This commit is contained in:
Manuel Pégourié-Gonnard 2013-10-28 13:46:11 +01:00 committed by Paul Bakker
parent 291f9af935
commit 31ff1d2e4f
4 changed files with 41 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

4
library/ssl_tls.c
View file

@ -1711,7 +1711,7 @@ static int ssl_decrypt_buf( ssl_context *ssl )
SSL_DEBUG_BUF( 4, "computed mac", ssl->in_msg + ssl->in_msglen,
ssl->transform_in->maclen );
if( memcmp( tmp, ssl->in_msg + ssl->in_msglen,
if( safer_memcmp( tmp, ssl->in_msg + ssl->in_msglen,
ssl->transform_in->maclen ) != 0 )
{
#if defined(POLARSSL_SSL_DEBUG_ALL)
@ -3192,7 +3192,7 @@ int ssl_parse_finished( ssl_context *ssl )
return( POLARSSL_ERR_SSL_BAD_HS_FINISHED );
}
if( memcmp( ssl->in_msg + 4, buf, hash_len ) != 0 )
if( safer_memcmp( ssl->in_msg + 4, buf, hash_len ) != 0 )
{
SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
return( POLARSSL_ERR_SSL_BAD_HS_FINISHED );