aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMihai Moldovan <ionic@ionic.de>2017-03-07 22:34:09 +0100
committerMihai Moldovan <ionic@ionic.de>2017-03-07 22:34:09 +0100
commitc6f0e6b2c6164b7a0c160222f4af8f45e97153c1 (patch)
tree741bdcc3a30b7b2e23a57c377ca057db38803129
parent05aabb4e6f45bcb2c951ec04026f9d7bce7335b3 (diff)
parent22f542626cf9935fd55a899e21144111e481542c (diff)
downloadnx-libs-c6f0e6b2c6164b7a0c160222f4af8f45e97153c1.tar.gz
nx-libs-c6f0e6b2c6164b7a0c160222f4af8f45e97153c1.tar.bz2
nx-libs-c6f0e6b2c6164b7a0c160222f4af8f45e97153c1.zip
Merge branch 'uli42-pr/cve-2017-2624' into 3.6.x
Attributes GH PR #380: https://github.com/ArcticaProject/nx-libs/pull/380 Fixes: ArcticaProject/nx-libs#365.
-rw-r--r--nx-X11/config/cf/Imake.tmpl3
-rw-r--r--nx-X11/programs/Xserver/include/os.h5
-rw-r--r--nx-X11/programs/Xserver/os/Imakefile9
-rw-r--r--nx-X11/programs/Xserver/os/mitauth.c2
-rw-r--r--nx-X11/programs/Xserver/os/timingsafe_memcmp.c47
5 files changed, 63 insertions, 3 deletions
diff --git a/nx-X11/config/cf/Imake.tmpl b/nx-X11/config/cf/Imake.tmpl
index 8d2526712..d4b033888 100644
--- a/nx-X11/config/cf/Imake.tmpl
+++ b/nx-X11/config/cf/Imake.tmpl
@@ -468,6 +468,9 @@ XCOMM the platform-specific parameters - edit site.def to change
#ifndef HasBasename
#define HasBasename YES
#endif
+#ifndef HasTimingsafeMemcmp
+#define HasTimingsafeMemcmp NO /* assume not */
+#endif
#ifndef HasGetopt
# if !defined(Win32Architecture)
# define HasGetopt YES
diff --git a/nx-X11/programs/Xserver/include/os.h b/nx-X11/programs/Xserver/include/os.h
index 59ace8fd2..0fd687d18 100644
--- a/nx-X11/programs/Xserver/include/os.h
+++ b/nx-X11/programs/Xserver/include/os.h
@@ -460,6 +460,11 @@ extern _X_EXPORT size_t
strlcat(char *dst, const char *src, size_t siz);
#endif
+#ifndef HAVE_TIMINGSAFE_MEMCMP
+extern _X_EXPORT int
+timingsafe_memcmp(const void *b1, const void *b2, size_t len);
+#endif
+
/* Logging. */
typedef enum _LogParameter {
XLOG_FLUSH,
diff --git a/nx-X11/programs/Xserver/os/Imakefile b/nx-X11/programs/Xserver/os/Imakefile
index 2abc1aff9..8b260fa32 100644
--- a/nx-X11/programs/Xserver/os/Imakefile
+++ b/nx-X11/programs/Xserver/os/Imakefile
@@ -115,17 +115,22 @@ GETPEER_DEFINES = -DHAS_GETPEEREID
# endif
#endif
+#if !HasTimingsafeMemcmp
+TMEMCMP_SRCS = timingsafe_memcmp.c
+TMEMCMP_OBJS = timingsafe_memcmp.o
+#endif
+
BOOTSTRAPCFLAGS =
SRCS = WaitFor.c access.c connection.c io.c $(COLOR_SRCS) \
osinit.c utils.c log.c auth.c mitauth.c secauth.c \
$(XDMAUTHSRCS) $(RPCSRCS) xdmcp.c OtherSources \
xstrans.c $(SNPRINTF_SRCS) $(STRLCAT_SRCS) \
- $(REALLOCARRAY_SRCS) xprintf.c
+ $(REALLOCARRAY_SRCS) xprintf.c $(TMEMCMP_SRCS)
OBJS = WaitFor.o access.o connection.o io.o $(COLOR_OBJS) \
osinit.o utils.o log.o auth.o mitauth.o secauth.o \
$(XDMAUTHOBJS) $(RPCOBJS) xdmcp.o OtherObjects \
xstrans.o $(SNPRINTF_OBJS) $(STRLCAT_OBJS) \
- $(REALLOCARRAY_OBJS) xprintf.o
+ $(REALLOCARRAY_OBJS) xprintf.o $(TMEMCMP_OBJS)
#if UseMemLeak
MEM_DEFINES = -DMEMBUG
diff --git a/nx-X11/programs/Xserver/os/mitauth.c b/nx-X11/programs/Xserver/os/mitauth.c
index c42cbe30e..578f8ba42 100644
--- a/nx-X11/programs/Xserver/os/mitauth.c
+++ b/nx-X11/programs/Xserver/os/mitauth.c
@@ -82,7 +82,7 @@ MitCheckCookie (
for (auth = mit_auth; auth; auth=auth->next) {
if (data_length == auth->len &&
- memcmp (data, auth->data, (int) data_length) == 0)
+ timingsafe_memcmp (data, auth->data, (int) data_length) == 0)
return auth->id;
}
*reason = "Invalid MIT-MAGIC-COOKIE-1 key";
diff --git a/nx-X11/programs/Xserver/os/timingsafe_memcmp.c b/nx-X11/programs/Xserver/os/timingsafe_memcmp.c
new file mode 100644
index 000000000..fe87de7bc
--- /dev/null
+++ b/nx-X11/programs/Xserver/os/timingsafe_memcmp.c
@@ -0,0 +1,47 @@
+/*
+ * Copyright (c) 2014 Google Inc.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <limits.h>
+#include <string.h>
+#include <nx-X11/Xfuncproto.h>
+#include "os.h"
+
+int
+timingsafe_memcmp(const void *b1, const void *b2, size_t len)
+{
+ const unsigned char *p1 = b1, *p2 = b2;
+ size_t i;
+ int res = 0, done = 0;
+
+ for (i = 0; i < len; i++) {
+ /* lt is -1 if p1[i] < p2[i]; else 0. */
+ int lt = (p1[i] - p2[i]) >> CHAR_BIT;
+
+ /* gt is -1 if p1[i] > p2[i]; else 0. */
+ int gt = (p2[i] - p1[i]) >> CHAR_BIT;
+
+ /* cmp is 1 if p1[i] > p2[i]; -1 if p1[i] < p2[i]; else 0. */
+ int cmp = lt - gt;
+
+ /* set res = cmp if !done. */
+ res |= cmp & ~done;
+
+ /* set done if p1[i] != p2[i]. */
+ done |= lt | gt;
+ }
+
+ return (res);
+}