[v9_8] added isc_safe_memcmp()
authorEvan Hunt <each@isc.org>
Tue, 9 Jul 2013 20:54:52 +0000 (13:54 -0700)
committerEvan Hunt <each@isc.org>
Tue, 9 Jul 2013 20:54:52 +0000 (13:54 -0700)
3611. [bug] Improved resistance to a theoretical authentication
attack based on differential timing.  [RT #33939]
(cherry picked from commit 5b7abbef511cea0b568be0bc8d5b3120a0b9034d)
(cherry picked from commit a66c88dd260c0dd4707cbf00fd4dad9346562b09)

17 files changed:
CHANGES
configure
configure.in
lib/dns/hmac_link.c
lib/export/isc/Makefile.in
lib/isc/Makefile.in
lib/isc/hmacmd5.c
lib/isc/hmacsha.c
lib/isc/include/isc/Makefile.in
lib/isc/include/isc/safe.h [new file with mode: 0644]
lib/isc/safe.c [new file with mode: 0644]
lib/isc/tests/Makefile.in
lib/isc/tests/safe_test.c [new file with mode: 0644]
lib/isc/win32/libisc.def
lib/isc/win32/libisc.dsp
lib/isc/win32/libisc.mak
lib/isccc/cc.c

diff --git a/CHANGES b/CHANGES
index dea8c296ba4ab603c1543ae81866aef3a483a7cf..ccbeb3602d2845eee3eb318b44f54125e7d722c5 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+3611.  [bug]           Improved resistance to a theoretical authentication
+                       attack based on differential timing.  [RT #33939]
+
 3610.  [cleanup]       win32: Some executables had been omitted from the
                        installer. [RT #34116]
 
index d08dc17476ef78e0d29ff8dfdce006a3c4dff9c5..217088d81e51b5bf2bfef6a7826478fbc59fbf3c 100755 (executable)
--- a/configure
+++ b/configure
@@ -1339,6 +1339,7 @@ PERL
 ETAGS
 LN
 ARFLAGS
+CCNOOPT
 CCOPT
 STD_CWARNINGS
 STD_CDEFINES
@@ -11827,6 +11828,7 @@ fi
 
 
 
+
 # Warn if the user specified libbind, which is now deprecated
 # Check whether --enable-libbind was given.
 if test "${enable_libbind+set}" = set; then :
@@ -12749,6 +12751,13 @@ case "$host" in
          ;;
 esac
 
+#
+# CCNOOPT defaults to -O0 on gcc and disables optimization when is last
+#
+if test "X$CCNOOPT" = "X" -a "X$GCC" = "Xyes"; then
+       CCNOOPT="-O0"
+fi
+
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5
 $as_echo_n "checking for ANSI C header files... " >&6; }
 if ${ac_cv_header_stdc+:} false; then :
@@ -15184,11 +15193,13 @@ then
                *-freebsd*)
                        CC="$CC -pthread"
                        CCOPT="$CCOPT -pthread"
+                       CCNOOPT="$CCNOOPT -pthread"
                        STD_CDEFINES="$STD_CDEFINES -D_THREAD_SAFE"
                        ;;
                *-openbsd*)
                        CC="$CC -pthread"
                        CCOPT="$CCOPT -pthread"
+                       CCNOOPT="$CCNOOPT -pthread"
                        ;;
                *-solaris*)
                        LIBS="$LIBS -lthread"
@@ -15202,10 +15213,12 @@ then
                *-dec-osf*)
                        CC="$CC -pthread"
                        CCOPT="$CCOPT -pthread"
+                       CCNOOPT="$CCNOOPT -pthread"
                        ;;
                *-solaris*)
                        CC="$CC -mt"
                        CCOPT="$CCOPT -mt"
+                       CCNOOPT="$CCNOOPT -mt"
                        ;;
                *-ibm-aix*)
                        STD_CDEFINES="$STD_CDEFINES -D_THREAD_SAFE"
@@ -15213,10 +15226,12 @@ then
                *-sco-sysv*uw*|*-*-sysv*UnixWare*)
                        CC="$CC -Kthread"
                        CCOPT="$CCOPT -Kthread"
+                       CCNOOPT="$CCNOOPT -Kthread"
                        ;;
                *-*-sysv*OpenUNIX*)
                        CC="$CC -Kpthread"
                        CCOPT="$CCOPT -Kpthread"
+                       CCNOOPT="$CCNOOPT -Kpthread"
                        ;;
                esac
        fi
@@ -15704,6 +15719,7 @@ else
        *-dec-osf*)
                CC="$CC -std"
                CCOPT="$CCOPT -std"
+               CCNOOPT="$CCNOOPT -std"
                MKDEPCC="$CC"
                ;;
        *-hp-hpux*)
@@ -15722,6 +15738,7 @@ else
                        ;;
                esac
                CCOPT="$CCOPT -Ae -z"
+               CCNOOPT="$CCNOOPT -Ae -z"
                LDFLAGS="-Wl,+vnocompatwarnings $LDFLAGS"
                MKDEPPROG='cc -Ae -E -Wp,-M >/dev/null 2>>$TMP'
                ;;
index 8db8dde7664e9dd8937533d6639c964d4a9e7cd4..3b44455b078b4cc16132b854bdb69311cfea36a1 100644 (file)
@@ -50,6 +50,7 @@ AC_SUBST(STD_CINCLUDES)
 AC_SUBST(STD_CDEFINES)
 AC_SUBST(STD_CWARNINGS)
 AC_SUBST(CCOPT)
+AC_SUBST(CCNOOPT)
 
 # Warn if the user specified libbind, which is now deprecated
 AC_ARG_ENABLE(libbind, [  --enable-libbind       deprecated])
@@ -296,6 +297,13 @@ case "$host" in
          ;;
 esac
 
+#
+# CCNOOPT defaults to -O0 on gcc and disables optimization when is last
+#
+if test "X$CCNOOPT" = "X" -a "X$GCC" = "Xyes"; then
+       CCNOOPT="-O0"
+fi
+
 AC_HEADER_STDC
 
 AC_CHECK_HEADERS(fcntl.h regex.h sys/time.h unistd.h sys/sockio.h sys/select.h sys/param.h sys/sysctl.h net/if6.h,,,
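Review bot: `CCNOOPT` only receives `-O0` when `$GCC` is `yes`, so with any other compiler it carries no optimisation-disabling flag unless the builder sets one, and safe.c is then built with the ordinary optimised flags. Since the timing behaviour of isc_safe_memcmp() is meant to rest on this variable, the fallback should be explicit: either set a per-compiler flag in the host `case` blocks or emit a configure warning when no such flag was found. The comment would also read better as `# CCNOOPT defaults to -O0 on gcc; it disables optimization when placed last on the command line`. The same text appears in the generated configure hunk.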
@@ -1149,11 +1157,13 @@ then
                *-freebsd*)
                        CC="$CC -pthread"
                        CCOPT="$CCOPT -pthread"
+                       CCNOOPT="$CCNOOPT -pthread"
                        STD_CDEFINES="$STD_CDEFINES -D_THREAD_SAFE"
                        ;;
                *-openbsd*)
                        CC="$CC -pthread"
                        CCOPT="$CCOPT -pthread"
+                       CCNOOPT="$CCNOOPT -pthread"
                        ;;
                *-solaris*)
                        LIBS="$LIBS -lthread"
@@ -1167,10 +1177,12 @@ then
                *-dec-osf*)
                        CC="$CC -pthread"
                        CCOPT="$CCOPT -pthread"
+                       CCNOOPT="$CCNOOPT -pthread"
                        ;;
                *-solaris*)
                        CC="$CC -mt"
                        CCOPT="$CCOPT -mt"
+                       CCNOOPT="$CCNOOPT -mt"
                        ;;
                *-ibm-aix*)
                        STD_CDEFINES="$STD_CDEFINES -D_THREAD_SAFE"
@@ -1178,10 +1190,12 @@ then
                *-sco-sysv*uw*|*-*-sysv*UnixWare*)
                        CC="$CC -Kthread"
                        CCOPT="$CCOPT -Kthread"
+                       CCNOOPT="$CCNOOPT -Kthread"
                        ;;
                *-*-sysv*OpenUNIX*)
                        CC="$CC -Kpthread"
                        CCOPT="$CCOPT -Kpthread"
+                       CCNOOPT="$CCNOOPT -Kpthread"
                        ;;
                esac
        fi
@@ -1391,6 +1405,7 @@ else
        *-dec-osf*)
                CC="$CC -std"
                CCOPT="$CCOPT -std"
+               CCNOOPT="$CCNOOPT -std"
                MKDEPCC="$CC"
                ;;
        *-hp-hpux*)
@@ -1409,6 +1424,7 @@ else
                        ;;
                esac
                CCOPT="$CCOPT -Ae -z"
+               CCNOOPT="$CCNOOPT -Ae -z"
                LDFLAGS="-Wl,+vnocompatwarnings $LDFLAGS"
                MKDEPPROG='cc -Ae -E -Wp,-M >/dev/null 2>>$TMP'
                ;;
index bc0e9a04ed07dd133df16ccac94a06b045eba0a7..f78cacec62bb143543233794c1e9889c39759b52 100644 (file)
@@ -42,6 +42,7 @@
 #include <isc/md5.h>
 #include <isc/sha1.h>
 #include <isc/mem.h>
+#include <isc/safe.h>
 #include <isc/string.h>
 #include <isc/util.h>
 
@@ -138,7 +139,7 @@ hmacmd5_compare(const dst_key_t *key1, const dst_key_t *key2) {
        else if (hkey1 == NULL || hkey2 == NULL)
                return (ISC_FALSE);
 
-       if (memcmp(hkey1->key, hkey2->key, ISC_SHA1_BLOCK_LENGTH) == 0)
+       if (isc_safe_memcmp(hkey1->key, hkey2->key, ISC_SHA1_BLOCK_LENGTH))
                return (ISC_TRUE);
        else
                return (ISC_FALSE);
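Review bot: In `hmacmd5_compare` the new call still compares `ISC_SHA1_BLOCK_LENGTH` bytes, a SHA-1 constant in the MD5 path, carried over unchanged from the removed `memcmp` line. If the two block lengths happen to be equal this is only a naming problem, but the declaration of `hkey1->key` is not visible here, so it is worth confirming the buffer is at least that long and switching to an MD5-specific length. A short comment above the call such as `/* key material is secret: compare in constant time */` would also record why plain memcmp() must not return; the same comment fits the five SHA compare hunks that follow. The function body starts outside the hunk.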
@@ -414,7 +415,7 @@ hmacsha1_compare(const dst_key_t *key1, const dst_key_t *key2) {
        else if (hkey1 == NULL || hkey2 == NULL)
                return (ISC_FALSE);
 
-       if (memcmp(hkey1->key, hkey2->key, ISC_SHA1_BLOCK_LENGTH) == 0)
+       if (isc_safe_memcmp(hkey1->key, hkey2->key, ISC_SHA1_BLOCK_LENGTH))
                return (ISC_TRUE);
        else
                return (ISC_FALSE);
@@ -690,7 +691,7 @@ hmacsha224_compare(const dst_key_t *key1, const dst_key_t *key2) {
        else if (hkey1 == NULL || hkey2 == NULL)
                return (ISC_FALSE);
 
-       if (memcmp(hkey1->key, hkey2->key, ISC_SHA224_BLOCK_LENGTH) == 0)
+       if (isc_safe_memcmp(hkey1->key, hkey2->key, ISC_SHA224_BLOCK_LENGTH))
                return (ISC_TRUE);
        else
                return (ISC_FALSE);
@@ -968,7 +969,7 @@ hmacsha256_compare(const dst_key_t *key1, const dst_key_t *key2) {
        else if (hkey1 == NULL || hkey2 == NULL)
                return (ISC_FALSE);
 
-       if (memcmp(hkey1->key, hkey2->key, ISC_SHA256_BLOCK_LENGTH) == 0)
+       if (isc_safe_memcmp(hkey1->key, hkey2->key, ISC_SHA256_BLOCK_LENGTH))
                return (ISC_TRUE);
        else
                return (ISC_FALSE);
@@ -1246,7 +1247,7 @@ hmacsha384_compare(const dst_key_t *key1, const dst_key_t *key2) {
        else if (hkey1 == NULL || hkey2 == NULL)
                return (ISC_FALSE);
 
-       if (memcmp(hkey1->key, hkey2->key, ISC_SHA384_BLOCK_LENGTH) == 0)
+       if (isc_safe_memcmp(hkey1->key, hkey2->key, ISC_SHA384_BLOCK_LENGTH))
                return (ISC_TRUE);
        else
                return (ISC_FALSE);
@@ -1524,7 +1525,7 @@ hmacsha512_compare(const dst_key_t *key1, const dst_key_t *key2) {
        else if (hkey1 == NULL || hkey2 == NULL)
                return (ISC_FALSE);
 
-       if (memcmp(hkey1->key, hkey2->key, ISC_SHA512_BLOCK_LENGTH) == 0)
+       if (isc_safe_memcmp(hkey1->key, hkey2->key, ISC_SHA512_BLOCK_LENGTH))
                return (ISC_TRUE);
        else
                return (ISC_FALSE);
index c04a9073dcc3bbf0bd041c33ab9cd03766a87957..46df39df82aa10b4aa607acdd5ca9db51f4fa5a3 100644 (file)
@@ -70,8 +70,8 @@ OBJS =                @ISC_EXTRA_OBJS@ \
                md5.@O@ mutexblock.@O@ netaddr.@O@ netscope.@O@ \
                ondestroy.@O@ parseint.@O@ portset.@O@ radix.@O@ \
                random.@O@ refcount.@O@ region.@O@ regex.@O@ result.@O@ \
-               rwlock.@O@ serial.@O@ sha1.@O@ sha2.@O@ sockaddr.@O@ \
-               stats.@O@ string.@O@ \
+               rwlock.@O@ safe.@O@ serial.@O@ sha1.@O@ sha2.@O@ \
+               sockaddr.@O@ stats.@O@ string.@O@ \
                symtab.@O@ \
                version.@O@ \
                ${APIOBJS} ${ISCDRIVEROBJS} \
@@ -94,7 +94,8 @@ SRCS =                @ISC_EXTRA_SRCS@ \
                ondestroy.c \
                parseint.c portset.c radix.c \
                random.c refcount.c region.c regex.c result.c rwlock.c \
-               serial.c sha1.c sha2.c sockaddr.c stats.c string.c symtab.c \
+               safe.c serial.c sha1.c sha2.c sockaddr.c \
+               stats.c string.c symtab.c \
                version.c \
                ${APISRCS} ${ISCDRIVERSRCS}
 
index 2fa563358515596d8af3e8455cb39098561c94fd..3415ef9e485f465428ab9afbca034ad8b9f377c7 100644 (file)
@@ -62,7 +62,7 @@ OBJS =                @ISC_EXTRA_OBJS@ \
                parseint.@O@ portset.@O@ quota.@O@ radix.@O@ random.@O@ \
                ratelimiter.@O@ refcount.@O@ region.@O@ regex.@O@ result.@O@ \
                rwlock.@O@ \
-               serial.@O@ sha1.@O@ sha2.@O@ sockaddr.@O@ stats.@O@ \
+               safe.@O@ serial.@O@ sha1.@O@ sha2.@O@ sockaddr.@O@ stats.@O@ \
                string.@O@ strtoul.@O@ symtab.@O@ task.@O@ taskpool.@O@ \
                timer.@O@ version.@O@ ${UNIXOBJS} ${NLSOBJS} ${THREADOBJS}
 SYMTBLOBJS =   backtrace-emptytbl.@O@
@@ -78,8 +78,9 @@ SRCS =                @ISC_EXTRA_SRCS@ \
                netaddr.c netscope.c ondestroy.c \
                parseint.c portset.c quota.c radix.c random.c \
                ratelimiter.c refcount.c region.c regex.c result.c rwlock.c \
-               serial.c sha1.c sha2.c sockaddr.c stats.c string.c strtoul.c \
-               symtab.c symtbl-empty.c task.c taskpool.c timer.c version.c
+               safe.c serial.c sha1.c sha2.c sockaddr.c stats.c string.c \
+               strtoul.c symtab.c symtbl-empty.c task.c taskpool.c timer.c \
+               version.c
 
 LIBS =         @LIBS@
 
@@ -93,6 +94,10 @@ TESTDIRS =   @UNITTESTS@
 
 @BIND9_MAKE_RULES@
 
+safe.@O@: safe.c
+       ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} @CCNOOPT@ \
+               -c ${srcdir}/safe.c
+
 version.@O@: version.c
        ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
                -DVERSION=\"${VERSION}\" \
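Review bot: The `@CCNOOPT@` rule for `safe.@O@` is added only in this makefile; the lib/export/isc/Makefile.in hunks add `safe.@O@` and `safe.c` to OBJS and SRCS but show no matching rule, so the exported library may compile safe.c with the default optimised flags. Unless the export makefile picks this rule up by some means not visible in the diff, an equivalent rule adapted to its source path should be added there. A comment above the rule, for example `# safe.c must be built without optimization; CCNOOPT has to follow ALL_CFLAGS so it takes precedence`, would keep a later cleanup from folding it back into the generic rule.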
index 6abe6e27df8e37010db04872efac0fcf5c290898..4850e74c2a372ee42219f35a251a0aa198ac1ddb 100644 (file)
@@ -28,6 +28,7 @@
 #include <isc/hmacmd5.h>
 #include <isc/md5.h>
 #include <isc/platform.h>
+#include <isc/safe.h>
 #include <isc/string.h>
 #include <isc/types.h>
 #include <isc/util.h>
@@ -145,5 +146,5 @@ isc_hmacmd5_verify2(isc_hmacmd5_t *ctx, unsigned char *digest, size_t len) {
 
        REQUIRE(len <= ISC_MD5_DIGESTLENGTH);
        isc_hmacmd5_sign(ctx, newdigest);
-       return (ISC_TF(memcmp(digest, newdigest, len) == 0));
+       return (isc_safe_memcmp(digest, newdigest, len));
 }
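Review bot: `isc_hmacmd5_verify2` accepts any `len` up to `ISC_MD5_DIGESTLENGTH`, including 0, and `isc_safe_memcmp()` returns true for `n == 0`, so an empty or very short digest still verifies; the only bound visible here is the upper `REQUIRE`. That was already true with `memcmp`, but a change aimed at hardening authentication is a natural place to state or enforce a minimum, either as a lower bound in the `REQUIRE` or as a doc comment saying callers must reject digests truncated below their policy minimum. The five `isc_hmacsha*_verify` hunks in lib/isc/hmacsha.c have the same shape. The function starts outside the hunk, so a minimum may already be enforced by callers not shown here.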
index d7b9f1897eb0ebc4e571c2e7cf9558818dd4cf3c..7b588f9a1ea99cc8d5661885e8eea6e78c87c88d 100644 (file)
@@ -27,6 +27,7 @@
 #include <isc/assertions.h>
 #include <isc/hmacsha.h>
 #include <isc/platform.h>
+#include <isc/safe.h>
 #include <isc/sha1.h>
 #include <isc/sha2.h>
 #include <isc/string.h>
@@ -538,7 +539,7 @@ isc_hmacsha1_verify(isc_hmacsha1_t *ctx, unsigned char *digest, size_t len) {
 
        REQUIRE(len <= ISC_SHA1_DIGESTLENGTH);
        isc_hmacsha1_sign(ctx, newdigest, ISC_SHA1_DIGESTLENGTH);
-       return (ISC_TF(memcmp(digest, newdigest, len) == 0));
+       return (isc_safe_memcmp(digest, newdigest, len));
 }
 
 /*
@@ -551,7 +552,7 @@ isc_hmacsha224_verify(isc_hmacsha224_t *ctx, unsigned char *digest, size_t len)
 
        REQUIRE(len <= ISC_SHA224_DIGESTLENGTH);
        isc_hmacsha224_sign(ctx, newdigest, ISC_SHA224_DIGESTLENGTH);
-       return (ISC_TF(memcmp(digest, newdigest, len) == 0));
+       return (isc_safe_memcmp(digest, newdigest, len));
 }
 
 /*
@@ -564,7 +565,7 @@ isc_hmacsha256_verify(isc_hmacsha256_t *ctx, unsigned char *digest, size_t len)
 
        REQUIRE(len <= ISC_SHA256_DIGESTLENGTH);
        isc_hmacsha256_sign(ctx, newdigest, ISC_SHA256_DIGESTLENGTH);
-       return (ISC_TF(memcmp(digest, newdigest, len) == 0));
+       return (isc_safe_memcmp(digest, newdigest, len));
 }
 
 /*
@@ -577,7 +578,7 @@ isc_hmacsha384_verify(isc_hmacsha384_t *ctx, unsigned char *digest, size_t len)
 
        REQUIRE(len <= ISC_SHA384_DIGESTLENGTH);
        isc_hmacsha384_sign(ctx, newdigest, ISC_SHA384_DIGESTLENGTH);
-       return (ISC_TF(memcmp(digest, newdigest, len) == 0));
+       return (isc_safe_memcmp(digest, newdigest, len));
 }
 
 /*
@@ -590,5 +591,5 @@ isc_hmacsha512_verify(isc_hmacsha512_t *ctx, unsigned char *digest, size_t len)
 
        REQUIRE(len <= ISC_SHA512_DIGESTLENGTH);
        isc_hmacsha512_sign(ctx, newdigest, ISC_SHA512_DIGESTLENGTH);
-       return (ISC_TF(memcmp(digest, newdigest, len) == 0));
+       return (isc_safe_memcmp(digest, newdigest, len));
 }
index 8afcfa73cb802c0395484f8373b06385dc20553d..3b2b0369c1a56b5b58628aece1d18dd3a18cf2f4 100644 (file)
@@ -37,7 +37,7 @@ HEADERS =     app.h assertions.h base64.h bind9.h bitstring.h boolean.h \
                namespace.h netaddr.h ondestroy.h os.h parseint.h \
                print.h quota.h radix.h random.h ratelimiter.h \
                refcount.h regex.h region.h resource.h \
-               result.h resultclass.h rwlock.h serial.h sha1.h sha2.h \
+               result.h resultclass.h rwlock.h safe.h serial.h sha1.h sha2.h \
                sockaddr.h socket.h stdio.h stdlib.h string.h \
                symtab.h \
                task.h taskpool.h timer.h types.h util.h version.h \
diff --git a/lib/isc/include/isc/safe.h b/lib/isc/include/isc/safe.h
new file mode 100644 (file)
index 0000000..89d56de
--- /dev/null
@@ -0,0 +1,36 @@
+/*
+ * Copyright (C) 2013  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id$ */
+
+#ifndef ISC_SAFE_H
+#define ISC_SAFE_H 1
+
+/*! \file isc/safe.h */
+
+#include <isc/types.h>
+
+ISC_LANG_BEGINDECLS
+
+isc_boolean_t
+isc_safe_memcmp(const void *s1, const void *s2, size_t n);
+/*%<
+ * Clone of libc memcmp() safe to differential timing attacks.
+ */
+
+ISC_LANG_ENDDECLS
+
+#endif /* ISC_SAFE_H */
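Review bot: The comment calls isc_safe_memcmp() a "clone of libc memcmp()", but the declaration returns `isc_boolean_t` and the callers in this commit treat true as "equal", which is the opposite sense of memcmp()'s zero-on-match and carries no ordering. A caller converting `memcmp(a, b, n) == 0` mechanically to `isc_safe_memcmp(a, b, n) == 0` would invert an authentication check. The doc comment should spell out the contract: it returns ISC_TRUE when the first n bytes are identical and ISC_FALSE otherwise, returns ISC_TRUE for n == 0, takes time that depends on n but not on the buffer contents, and requires both buffers to be at least n bytes long.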
diff --git a/lib/isc/safe.c b/lib/isc/safe.c
new file mode 100644 (file)
index 0000000..3f005d3
--- /dev/null
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2013  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id$ */
+
+/*! \file */
+
+#include <config.h>
+
+#include <isc/safe.h>
+#include <isc/util.h>
+
+#ifdef _MSC_VER
+#pragma optimize("", off)
+#endif
+
+isc_boolean_t
+isc_safe_memcmp(const void *s1, const void *s2, size_t n) {
+       isc_uint8_t acc = 0;
+
+       if (n != 0) {
+               const isc_uint8_t *p1 = s1, *p2 = s2;
+
+               do {
+                       acc |= *p1++ ^ *p2++;
+               } while (--n != 0);
+       }
+       return (ISC_TF(acc == 0));
+}
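Review bot: Nothing in safe.c says why the loop is written this way or that the file depends on being compiled without optimisation (`@CCNOOPT@` in the makefile, `#pragma optimize("", off)` for MSVC). A header comment on isc_safe_memcmp() should record that the loop must visit all n bytes with no early exit and that the build flags are part of the guarantee, so a later "speed-up" does not reintroduce the timing difference. Declaring the accumulator as `volatile isc_uint8_t acc = 0;` would keep more of the property in the source rather than only in the build system; that is a suggestion to evaluate, not a demonstrated necessity.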
index b7390636545644d81540a7e726599557edc6fe8b..79c9e8b7a8b159be836bd66c86550393eba4a813 100644 (file)
@@ -37,11 +37,12 @@ LIBS =              @LIBS@ @ATFLIBS@
 OBJS =         isctest.@O@
 
 SRCS =         isctest.c taskpool_test.c hash_test.c sockaddr_test.c \
-               symtab_test.c parse_test.c regex_test.c
+               safe_test.c symtab_test.c parse_test.c regex_test.c
 
 SUBDIRS =
 TARGETS =      taskpool_test@EXEEXT@ hash_test@EXEEXT@ sockaddr_test@EXEEXT@ \
-               symtab_test@EXEEXT@ parse_test@EXEEXT@ regex_test@EXEEXT@
+               safe_test@EXEEXT@ symtab_test@EXEEXT@ parse_test@EXEEXT@ \
+               regex_test@EXEEXT@
 
 @BIND9_MAKE_RULES@
 
@@ -69,6 +70,10 @@ regex_test@EXEEXT@: regex_test.@O@ ${ISCDEPLIBS}
        ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
                        regex_test.@O@ ${ISCLIBS} ${LIBS}
 
+safe_test@EXEEXT@: safe_test.@O@ ${ISCDEPLIBS}
+       ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
+                       safe_test.@O@ ${ISCLIBS} ${LIBS}
+
 unit::
        sh ${top_srcdir}/unit/unittest.sh
 
diff --git a/lib/isc/tests/safe_test.c b/lib/isc/tests/safe_test.c
new file mode 100644 (file)
index 0000000..7b7ac39
--- /dev/null
@@ -0,0 +1,52 @@
+/*
+ * Copyright (C) 2013  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id$ */
+
+/* ! \file */
+
+#include <config.h>
+
+#include <atf-c.h>
+
+#include <stdio.h>
+#include <string.h>
+
+#include <isc/safe.h>
+#include <isc/util.h>
+
+ATF_TC(isc_safe_memcmp);
+ATF_TC_HEAD(isc_safe_memcmp, tc) {
+       atf_tc_set_md_var(tc, "descr", "safe memcmp()");
+}
+ATF_TC_BODY(isc_safe_memcmp, tc) {
+       UNUSED(tc);
+
+       ATF_CHECK(isc_safe_memcmp("test", "test", 4));
+       ATF_CHECK(!isc_safe_memcmp("test", "tesc", 4));
+       ATF_CHECK(isc_safe_memcmp("\x00\x00\x00\x00", "\x00\x00\x00\x00", 4));
+       ATF_CHECK(!isc_safe_memcmp("\x00\x00\x00\x00", "\x00\x00\x00\x01", 4));
+       ATF_CHECK(!isc_safe_memcmp("\x00\x00\x00\x02", "\x00\x00\x00\x00", 4));
+}
+
+/*
+ * Main
+ */
+ATF_TP_ADD_TCS(tp) {
+       ATF_TP_ADD_TC(tp, isc_safe_memcmp);
+       return (atf_no_error());
+}
+
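Review bot: The test cases all use n = 4 and every mismatch is in the last byte, so neither the `n == 0` branch nor a difference in the first byte is exercised. Adding `ATF_CHECK(isc_safe_memcmp("a", "b", 0));` and `ATF_CHECK(!isc_safe_memcmp("xest", "test", 4));` would pin both. A comment in the test body noting that these are functional checks only, and that timing behaviour is not covered, would set the right expectation for readers.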
index 7a77a8e3ec814e89c49ea1601d0c5118cadd9373..1f581682f77a07d3938ce9456e78d802a20dcea1 100644 (file)
@@ -456,6 +456,7 @@ isc_rwlock_lock
 isc_rwlock_trylock
 isc_rwlock_tryupgrade
 isc_rwlock_unlock
+isc_safe_memcmp
 isc_serial_eq
 isc_serial_ge
 isc_serial_gt
index b51a30d537b703a7f2ee901d7f73f43d6afef334..fad2f46ea09ad0a5caff89d309f818d2967f623b 100644 (file)
@@ -487,6 +487,10 @@ SOURCE=..\include\isc\rwlock.h
 # End Source File
 # Begin Source File
 
+SOURCE=..\include\isc\safe.h
+# End Source File
+# Begin Source File
+
 SOURCE=..\include\isc\serial.h
 # End Source File
 # Begin Source File
@@ -755,6 +759,10 @@ SOURCE=..\rwlock.c
 # End Source File
 # Begin Source File
 
+SOURCE=..\safe.c
+# End Source File
+# Begin Source File
+
 SOURCE=..\serial.c
 # End Source File
 # Begin Source File
index f3f5de42b469ab270fe886ea4fd705d2a688d545..8e2274052ebccd34406a80b1ed400fe50ea7ccc4 100644 (file)
@@ -173,6 +173,7 @@ CLEAN :
        -@erase "$(INTDIR)\resource.obj"
        -@erase "$(INTDIR)\result.obj"
        -@erase "$(INTDIR)\rwlock.obj"
+       -@erase "$(INTDIR)\safe.obj"
        -@erase "$(INTDIR)\serial.obj"
        -@erase "$(INTDIR)\sha1.obj"
        -@erase "$(INTDIR)\sha2.obj"
@@ -276,6 +277,7 @@ LINK32_OBJS= \
        "$(INTDIR)\refcount.obj" \
        "$(INTDIR)\result.obj" \
        "$(INTDIR)\rwlock.obj" \
+       "$(INTDIR)\safe.obj" \
        "$(INTDIR)\serial.obj" \
        "$(INTDIR)\sha1.obj" \
        "$(INTDIR)\sha2.obj" \
@@ -427,6 +429,8 @@ CLEAN :
        -@erase "$(INTDIR)\result.sbr"
        -@erase "$(INTDIR)\rwlock.obj"
        -@erase "$(INTDIR)\rwlock.sbr"
+       -@erase "$(INTDIR)\safe.obj"
+       -@erase "$(INTDIR)\safe.sbr"
        -@erase "$(INTDIR)\serial.obj"
        -@erase "$(INTDIR)\serial.sbr"
        -@erase "$(INTDIR)\sha1.obj"
@@ -548,6 +552,7 @@ BSC32_SBRS= \
        "$(INTDIR)\refcount.sbr" \
        "$(INTDIR)\result.sbr" \
        "$(INTDIR)\rwlock.sbr" \
+       "$(INTDIR)\safe.sbr" \
        "$(INTDIR)\serial.sbr" \
        "$(INTDIR)\sha1.sbr" \
        "$(INTDIR)\sha2.sbr" \
@@ -637,6 +642,7 @@ LINK32_OBJS= \
        "$(INTDIR)\refcount.obj" \
        "$(INTDIR)\result.obj" \
        "$(INTDIR)\rwlock.obj" \
+       "$(INTDIR)\safe.obj" \
        "$(INTDIR)\serial.obj" \
        "$(INTDIR)\sha1.obj" \
        "$(INTDIR)\sha2.obj" \
@@ -1875,6 +1881,24 @@ SOURCE=..\rwlock.c
        $(CPP) $(CPP_PROJ) $(SOURCE)
 
 
+!ENDIF 
+
+SOURCE=..\safe.c
+
+!IF  "$(CFG)" == "libisc - Win32 Release"
+
+
+"$(INTDIR)\safe.obj" : $(SOURCE) "$(INTDIR)"
+       $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF  "$(CFG)" == "libisc - Win32 Debug"
+
+
+"$(INTDIR)\safe.obj"   "$(INTDIR)\safe.sbr" : $(SOURCE) "$(INTDIR)"
+       $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
 !ENDIF 
 
 SOURCE=..\serial.c
index 07f8157b0aa677d454fa5280864243db93e68964..65e889e34ce3fbc2f057ffd6f92678fcd122eb4a 100644 (file)
@@ -42,6 +42,7 @@
 #include <isc/assertions.h>
 #include <isc/hmacmd5.h>
 #include <isc/print.h>
+#include <isc/safe.h>
 #include <isc/stdlib.h>
 
 #include <isccc/alist.h>
@@ -311,7 +312,8 @@ verify(isccc_sexpr_t *alist, unsigned char *data, unsigned int length,
        /*
         * Verify.
         */
-       if (strcmp((char *)digestb64, isccc_sexpr_tostring(hmd5)) != 0)
+       if (!isc_safe_memcmp((unsigned char *) isccc_sexpr_tostring(hmd5),
+                            digestb64, HMD5_LENGTH))
                return (ISCCC_R_BADAUTH);
 
        return (ISC_R_SUCCESS);
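Review bot: The new call reads `HMD5_LENGTH` bytes from `isccc_sexpr_tostring(hmd5)`, whereas the removed `strcmp` stopped at the first NUL, so a received `hmd5` value shorter than `HMD5_LENGTH` is now read past its end unless its length is checked earlier in `verify()`, outside this hunk. The length of the received value is not secret, so it can be compared with `HMD5_LENGTH` first and `ISCCC_R_BADAUTH` returned on mismatch before the constant-time compare runs. It is also worth confirming that `digestb64` always holds at least `HMD5_LENGTH` valid bytes at this point.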