From 65c5d8ad7a46a83338c23dee66e208a014c3d3d2 Mon Sep 17 00:00:00 2001 From: Ulrich Sibiller Date: Fri, 3 Mar 2017 22:46:33 +0100 Subject: Backport CVE-2017-2624 (timingsafe_memcmp) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes ArcticaProject/nx-libs#365 These two commits: commit 5c44169caed811e59a65ba346de1cadb46d266ec Author: Adam Jackson Date: Thu Mar 2 17:20:30 2017 -0500 os: Squash missing declaration warning for timingsafe_memcmp timingsafe_memcmp.c:21:1: warning: no previous prototype for ‘timingsafe_memcmp’ [-Wmissing-prototypes] timingsafe_memcmp(const void *b1, const void *b2, size_t len) Signed-off-by: Adam Jackson commit d7ac755f0b618eb1259d93c8a16ec6e39a18627c Author: Matthieu Herrb Date: Tue Feb 28 19:18:25 2017 +0100 Use timingsafe_memcmp() to compare MIT-MAGIC-COOKIES CVE-2017-2624 Provide the function definition for systems that don't have it. Signed-off-by: Matthieu Herrb --- nx-X11/programs/Xserver/os/mitauth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nx-X11/programs/Xserver/os/mitauth.c') diff --git a/nx-X11/programs/Xserver/os/mitauth.c b/nx-X11/programs/Xserver/os/mitauth.c index c42cbe30e..578f8ba42 100644 --- a/nx-X11/programs/Xserver/os/mitauth.c +++ b/nx-X11/programs/Xserver/os/mitauth.c @@ -82,7 +82,7 @@ MitCheckCookie ( for (auth = mit_auth; auth; auth=auth->next) { if (data_length == auth->len && - memcmp (data, auth->data, (int) data_length) == 0) + timingsafe_memcmp (data, auth->data, (int) data_length) == 0) return auth->id; } *reason = "Invalid MIT-MAGIC-COOKIE-1 key"; -- cgit v1.2.3