sssd/patches/0002-libcrypto-Check-right-value-of-CRYPTO_memcmp.patch

   1 From 5a6aeb890bdf18729e45cd08cfa244e3da4ed45b Mon Sep 17 00:00:00 2001
   2 From: Lukas Slebodnik <lslebodn@redhat.com>
   3 Date: Wed, 19 Oct 2016 16:46:44 +0200
   4 Subject: [PATCH 02/39] libcrypto: Check right value of CRYPTO_memcmp
   5
   6 sss_decrypt failed even though should pass because
   7 we were checking wrong value of CRYPTO_memcmp.
   8 Nobody noticed that because there was not a unit test :-)
   9
  10 Reviewed-by: Christian Heimes <cheimes@redhat.com>
  11 (cherry picked from commit 0c2be9700d3b54db33c1a3dd5d230b34bfaceb50)
  12 (cherry picked from commit f4da46bd77f2eed2d04152b75c78bfc561c79354)
  13 ---
  14  src/util/crypto/libcrypto/crypto_nite.c | 2 +-
  15  1 file changed, 1 insertion(+), 1 deletion(-)
  16
  17 diff --git a/src/util/crypto/libcrypto/crypto_nite.c b/src/util/crypto/libcrypto/crypto_nite.c
  18 index de562f2d2..e863d3fc9 100644
  19 --- a/src/util/crypto/libcrypto/crypto_nite.c
  20 +++ b/src/util/crypto/libcrypto/crypto_nite.c
  21 @@ -237,7 +237,7 @@ int sss_decrypt(TALLOC_CTX *mem_ctx, enum encmethod enctype,
  22      }
  23
  24      ret = CRYPTO_memcmp(&ciphertext[cipherlen - hmaclen], out, hmaclen);
  25 -    if (ret != 1) {
  26 +    if (ret != 0) {
  27          ret = EFAULT;
  28          goto done;
  29      }
  30 --
  31 2.11.0
  32