aboutsummaryrefslogtreecommitdiff
path: root/nx-X11
diff options
context:
space:
mode:
Diffstat (limited to 'nx-X11')
-rw-r--r--nx-X11/programs/Xserver/include/os.h5
-rw-r--r--nx-X11/programs/Xserver/os/Imakefile4
-rw-r--r--nx-X11/programs/Xserver/os/mitauth.c2
-rw-r--r--nx-X11/programs/Xserver/os/timingsafe_memcmp.c47
4 files changed, 55 insertions, 3 deletions
diff --git a/nx-X11/programs/Xserver/include/os.h b/nx-X11/programs/Xserver/include/os.h
index 59ace8fd2..0fd687d18 100644
--- a/nx-X11/programs/Xserver/include/os.h
+++ b/nx-X11/programs/Xserver/include/os.h
@@ -460,6 +460,11 @@ extern _X_EXPORT size_t
strlcat(char *dst, const char *src, size_t siz);
#endif
+#ifndef HAVE_TIMINGSAFE_MEMCMP
+extern _X_EXPORT int
+timingsafe_memcmp(const void *b1, const void *b2, size_t len);
+#endif
+
/* Logging. */
typedef enum _LogParameter {
XLOG_FLUSH,
diff --git a/nx-X11/programs/Xserver/os/Imakefile b/nx-X11/programs/Xserver/os/Imakefile
index 2abc1aff9..787a9ef2c 100644
--- a/nx-X11/programs/Xserver/os/Imakefile
+++ b/nx-X11/programs/Xserver/os/Imakefile
@@ -120,12 +120,12 @@ BOOTSTRAPCFLAGS =
osinit.c utils.c log.c auth.c mitauth.c secauth.c \
$(XDMAUTHSRCS) $(RPCSRCS) xdmcp.c OtherSources \
xstrans.c $(SNPRINTF_SRCS) $(STRLCAT_SRCS) \
- $(REALLOCARRAY_SRCS) xprintf.c
+ $(REALLOCARRAY_SRCS) xprintf.c timingsafe_memcmp.c
OBJS = WaitFor.o access.o connection.o io.o $(COLOR_OBJS) \
osinit.o utils.o log.o auth.o mitauth.o secauth.o \
$(XDMAUTHOBJS) $(RPCOBJS) xdmcp.o OtherObjects \
xstrans.o $(SNPRINTF_OBJS) $(STRLCAT_OBJS) \
- $(REALLOCARRAY_OBJS) xprintf.o
+ $(REALLOCARRAY_OBJS) xprintf.o timingsafe_memcmp.o
#if UseMemLeak
MEM_DEFINES = -DMEMBUG
diff --git a/nx-X11/programs/Xserver/os/mitauth.c b/nx-X11/programs/Xserver/os/mitauth.c
index c42cbe30e..578f8ba42 100644
--- a/nx-X11/programs/Xserver/os/mitauth.c
+++ b/nx-X11/programs/Xserver/os/mitauth.c
@@ -82,7 +82,7 @@ MitCheckCookie (
for (auth = mit_auth; auth; auth=auth->next) {
if (data_length == auth->len &&
- memcmp (data, auth->data, (int) data_length) == 0)
+ timingsafe_memcmp (data, auth->data, (int) data_length) == 0)
return auth->id;
}
*reason = "Invalid MIT-MAGIC-COOKIE-1 key";
diff --git a/nx-X11/programs/Xserver/os/timingsafe_memcmp.c b/nx-X11/programs/Xserver/os/timingsafe_memcmp.c
new file mode 100644
index 000000000..fe87de7bc
--- /dev/null
+++ b/nx-X11/programs/Xserver/os/timingsafe_memcmp.c
@@ -0,0 +1,47 @@
+/*
+ * Copyright (c) 2014 Google Inc.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <limits.h>
+#include <string.h>
+#include <nx-X11/Xfuncproto.h>
+#include "os.h"
+
+int
+timingsafe_memcmp(const void *b1, const void *b2, size_t len)
+{
+ const unsigned char *p1 = b1, *p2 = b2;
+ size_t i;
+ int res = 0, done = 0;
+
+ for (i = 0; i < len; i++) {
+ /* lt is -1 if p1[i] < p2[i]; else 0. */
+ int lt = (p1[i] - p2[i]) >> CHAR_BIT;
+
+ /* gt is -1 if p1[i] > p2[i]; else 0. */
+ int gt = (p2[i] - p1[i]) >> CHAR_BIT;
+
+ /* cmp is 1 if p1[i] > p2[i]; -1 if p1[i] < p2[i]; else 0. */
+ int cmp = lt - gt;
+
+ /* set res = cmp if !done. */
+ res |= cmp & ~done;
+
+ /* set done if p1[i] != p2[i]. */
+ done |= lt | gt;
+ }
+
+ return (res);
+}