From: Patrick Gansterer <paroga@paroga.com>
Date: Tue, 24 Mar 2020 19:34:17 +0000 (+0100)
Subject: lib-oauth2: Fix possible timing attack in oauth2_validate_hmac()
X-Git-Tag: 2.3.11.2~498
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9d449447a58446d3234793cf4daea2ec3ab509b1;p=thirdparty%2Fdovecot%2Fcore.git

lib-oauth2: Fix possible timing attack in oauth2_validate_hmac()

Use mem_equals_timing_safe() instead of memcmp() to test the equality of the digest.
---

diff --git a/src/lib-oauth2/oauth2-jwt.c b/src/lib-oauth2/oauth2-jwt.c
index 527a0f3194..29c6fa5523 100644
--- a/src/lib-oauth2/oauth2-jwt.c
+++ b/src/lib-oauth2/oauth2-jwt.c
@@ -105,7 +105,7 @@ static int oauth2_validate_hmac(const struct oauth2_settings *set,
 	buffer_t *their_digest =
 		t_base64url_decode_str(BASE64_DECODE_FLAG_NO_PADDING, blobs[2]);
 	if (method->digest_size != their_digest->used ||
-	    memcmp(digest, their_digest->data, method->digest_size) != 0) {
+	    !mem_equals_timing_safe(digest, their_digest->data, method->digest_size)) {
 		*error_r = "Incorrect JWT signature";
 		return -1;
 	}