diff options
Diffstat (limited to 'contrib/ntp/sntp/crypto.c')
| -rw-r--r-- | contrib/ntp/sntp/crypto.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/contrib/ntp/sntp/crypto.c b/contrib/ntp/sntp/crypto.c index 234e137..a534239 100644 --- a/contrib/ntp/sntp/crypto.c +++ b/contrib/ntp/sntp/crypto.c @@ -1,6 +1,7 @@ #include <config.h> #include "crypto.h" #include <ctype.h> +#include "isc/string.h" struct key *key_ptr; size_t key_cnt = 0; @@ -56,11 +57,16 @@ auth_md5( pkt_ptr = pkt_data; hash_len = make_mac(pkt_ptr, pkt_size, sizeof(digest), cmp_key, digest); - if (!hash_len) + if (!hash_len) { authentic = FALSE; - else - authentic = !memcmp(digest, pkt_ptr + pkt_size + 4, + } else { + /* isc_tsmemcmp will be better when its easy to link + * with. sntp is a 1-shot program, so snooping for + * timing attacks is Harder. + */ + authentic = !memcmp(digest, pkt_data + pkt_size + 4, hash_len); + } return authentic; } |
