From: msweet Date: Fri, 23 Oct 2015 21:31:17 +0000 (+0000) Subject: Use constant time comparison function for local certificates X-Git-Tag: v2.2b1~169 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1b6c727889d279654bd5a3f05788cd0447b3274f;hp=59189c00d265f2fa9787807a235a67d5962e853b;p=thirdparty%2Fcups.git Use constant time comparison function for local certificates () git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@12927 a1ca3aef-8c08-0410-bb20-df032aa958be --- diff --git a/CHANGES-2.1.txt b/CHANGES-2.1.txt index f2f5c1e66..6c9863fd3 100644 --- a/CHANGES-2.1.txt +++ b/CHANGES-2.1.txt @@ -6,7 +6,8 @@ CHANGES IN CUPS V2.1.1 - Security hardening fixes (, , , , , - , ) + , , + ) - The cupsGetPPD* functions did not work with IPP printers (STR #4725) - Some older HP LaserJet printers need a delayed close when printing using the libusb-based USB backend (STR #4549) diff --git a/scheduler/cert.c b/scheduler/cert.c index eb68befb7..92ca3650b 100644 --- a/scheduler/cert.c +++ b/scheduler/cert.c @@ -3,7 +3,7 @@ * * Authentication certificate routines for the CUPS scheduler. * - * Copyright 2007-2014 by Apple Inc. + * Copyright 2007-2015 by Apple Inc. * Copyright 1997-2006 by Easy Software Products. * * These coded instructions, statements, and computer programs are the @@ -26,6 +26,13 @@ #endif /* HAVE_ACL_INIT */ +/* + * Local functions... + */ + +static int ctcompare(const char *a, const char *b); + + /* * 'cupsdAddCert()' - Add a certificate. */ @@ -356,7 +363,7 @@ cupsdFindCert(const char *certificate) /* I - Certificate */ cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdFindCert(certificate=%s)", certificate); for (cert = Certs; cert != NULL; cert = cert->next) - if (!_cups_strcasecmp(certificate, cert->certificate)) + if (!ctcompare(certificate, cert->certificate)) { cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdFindCert: Returning %s...", cert->username); 
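Review bot: Swapping `_cups_strcasecmp` for `ctcompare` in the `cupsdFindCert` loop also turns a case-insensitive match into a case-sensitive one, which the commit message does not mention. If any client can present the certificate in a different letter case than the stored `cert->certificate`, lookups that used to succeed will now fail. That is worth confirming and recording next to the call, for example `/* Certificates are compared case-sensitively, in constant time */`. Separately, the unchanged context line `cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdFindCert(certificate=%s)", certificate);` writes the presented value to the log at DEBUG2, which works against the hardening whenever that log level is enabled. The body of `cupsdFindCert` starts and ends outside the hunk, so the rest of the lookup is not visible here.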
@@ -425,6 +432,24 @@ cupsdInitCerts(void) } +/* + * 'ctcompare()' - Compare two strings in constant time. + */ + +static int /* O - 0 on match, non-zero on non-match */ +ctcompare(const char *a, /* I - First string */ + const char *b) /* I - Second string */ +{ + int result = 0; /* Result */ + + + while (*a && *b) + result |= *a ^ *b; + + return (result); +} + + /* * End of "$Id$". */
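Review bot: The loop in `ctcompare()` never advances `a` or `b`, so when both strings are non-empty `while (*a && *b)` does not terminate and the scheduler would hang inside the certificate lookup. The return value also covers only the characters visited by the loop, so as written an empty string on either side skips the loop and returns 0 (match), and once the pointers do advance any string that is a prefix of the other would still compare as equal. Brace the loop body and add `a ++; b ++;` after the XOR, then fold the terminators into the result with `return (result | *a | *b);` so a length mismatch is reported as a non-match. The header comment should also say that the loop length follows the shorter string, so only the content comparison is constant-time.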