Safer buffer comparisons in the SSL modules

2025-07-29 11:41:15 +03:00 · 2013-10-28 13:46:11 +01:00
parent 291f9af935
commit 31ff1d2e4f
4 changed files with 41 additions and 17 deletions
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -1711,7 +1711,7 @@ static int ssl_decrypt_buf( ssl_context *ssl )
        SSL_DEBUG_BUF( 4, "computed mac", ssl->in_msg + ssl->in_msglen,
                       ssl->transform_in->maclen );

-        if( memcmp( tmp, ssl->in_msg + ssl->in_msglen,
+        if( safer_memcmp( tmp, ssl->in_msg + ssl->in_msglen,
                         ssl->transform_in->maclen ) != 0 )
        {
 #if defined(POLARSSL_SSL_DEBUG_ALL)
@ -3192,7 +3192,7 @@ int ssl_parse_finished( ssl_context *ssl )
        return( POLARSSL_ERR_SSL_BAD_HS_FINISHED );
    }

-    if( memcmp( ssl->in_msg + 4, buf, hash_len ) != 0 )
+    if( safer_memcmp( ssl->in_msg + 4, buf, hash_len ) != 0 )
    {
        SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
        return( POLARSSL_ERR_SSL_BAD_HS_FINISHED );