Cookies: use constant time comparison
authorPieter Lexis <pieter.lexis@powerdns.com>
Wed, 2 Jun 2021 13:35:03 +0000 (15:35 +0200)
committerPieter Lexis <pieter.lexis@powerdns.com>
Mon, 20 Sep 2021 08:54:41 +0000 (10:54 +0200)
pdns/Makefile.am
pdns/dnsdistdist/Makefile.am
pdns/dnsdistdist/string_compare.hh [new symlink]
pdns/ednscookies.cc
pdns/recursordist/Makefile.am
pdns/recursordist/string_compare.hh [new symlink]
pdns/string_compare.hh

index 97cd1a281ac6bd052caeb57b5a656727332ff382..4bedb0a1f460becbf99ddef80faa4df18bd2ba9e 100644 (file)
@@ -53,6 +53,7 @@ EXTRA_DIST = \
        lua-record.cc \
        minicurl.cc \
        minicurl.hh \
+       string_compare.hh \
        api-swagger.yaml \
        api-swagger.json \
        requirements.txt \
index a9f4433f205a57aaca5075e7d5d03410ea9fae85..26371f6bf362deb1b3c77adfd8f25e6abb94409e 100644 (file)
@@ -103,6 +103,7 @@ EXTRA_DIST=COPYING \
           kqueuemplexer.cc \
           portsmplexer.cc \
           cdb.cc cdb.hh \
+          string_compare.hh \
           ext/lmdb-safe/lmdb-safe.cc ext/lmdb-safe/lmdb-safe.hh \
           ext/protozero/include/* \
           builder-support/gen-version
diff --git a/pdns/dnsdistdist/string_compare.hh b/pdns/dnsdistdist/string_compare.hh
new file mode 120000 (symlink)
index 0000000..7c3ecf5
--- /dev/null
@@ -0,0 +1 @@
+../string_compare.hh
\ No newline at end of file
index 8c232406d1fdb202eca5b88c4557d2d8db265d42..29f60fcdb215e2126ba6ff8fc804cfee87266348 100644 (file)
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
+#ifdef HAVE_CONFIG_H
 #include "config.h"
+#endif
 #include "ednscookies.hh"
 #include "misc.hh"
+#include "string_compare.hh"
 
 #ifdef HAVE_CRYPTO_SHORTHASH
 #include <sodium.h>
@@ -106,7 +109,7 @@ bool EDNSCookiesOpt::isValid(const string& secret, const ComboAddress& source)
     reinterpret_cast<const unsigned char*>(&toHash[0]),
     toHash.length(),
     reinterpret_cast<const unsigned char*>(&secret[0]));
-  return server.substr(8) == hashResult;
+  return constantTimeStringEquals(server.substr(8), hashResult);
 #else
   return false;
 #endif
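Review bot: The new return line in `EDNSCookiesOpt::isValid` has no comment explaining why the plain `==` was replaced, so a later cleanup could quietly turn it back into an early-exit comparison. I would add `// constant-time compare: an early-exit == would leak how many leading bytes of the expected hash matched` directly above it, since the cookie being checked presumably comes from the remote peer. The body of `isValid` starts outside this hunk, so I cannot see whether `server` is confirmed to hold at least 8 bytes before `server.substr(8)`; if it is not, `substr` throws `std::out_of_range` on a short cookie. It is also worth confirming that `hashResult` always has the fixed hash length. Judging by the `size` variable in the string_compare.hh hunk, the helper compares a single length, and its constant-time property only matters when both inputs are the same size.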
index b80d554f50eaf6c560bfe192eb63156b89c6a156..6ceec199793f0d0c69b0e37910a6e2ea8ff36370 100644 (file)
@@ -63,6 +63,7 @@ EXTRA_DIST = \
        mtasker_fcontext.cc mtasker_ucontext.cc \
        NOTICE \
        opensslsigners.hh opensslsigners.cc \
+       string_compare.hh \
        portsmplexer.cc \
        dnstap.proto dnstap.cc dnstap.hh fstrm_logger.cc fstrm_logger.hh \
        ext/protozero/include/* \
diff --git a/pdns/recursordist/string_compare.hh b/pdns/recursordist/string_compare.hh
new file mode 120000 (symlink)
index 0000000..7c3ecf5
--- /dev/null
@@ -0,0 +1 @@
+../string_compare.hh
\ No newline at end of file
index ad4712f3bc01faac254f8728f3c005155803d1fb..65d51c67490786407e44e99fd3347aee1b0ab760 100644 (file)
@@ -39,8 +39,8 @@ static bool constantTimeStringEquals(const std::string& a, const std::string& b)
 #ifdef HAVE_CRYPTO_MEMCMP
   return CRYPTO_memcmp(a.c_str(), b.c_str(), size) == 0;
 #else
-  const volatile unsigned char *_a = (const volatile unsigned char *) a.c_str();
-  const volatile unsigned char *_b = (const volatile unsigned char *) b.c_str();
+  const volatile unsigned char* _a = (const volatile unsigned char*)a.c_str();
+  const volatile unsigned char* _b = (const volatile unsigned char*)b.c_str();
   unsigned char res = 0;
 
   for (size_t idx = 0; idx < size; idx++) {
@@ -50,4 +50,3 @@ static bool constantTimeStringEquals(const std::string& a, const std::string& b)
   return res == 0;
 #endif
 }
-