HomeFreeBSD

heimdal: Fix CVE-2022-4152, signature validation error

Description

heimdal: Fix CVE-2022-4152, signature validation error

When CVE-2022-3437 was fixed by changing memcmp to be a constant
time and the workaround for th e compiler was to add "!=0". However
the logic implmented was inverted resulting in CVE-2022-4152.

Reported by: Timothy E Zingelman <zingelman _AT_ fnal.gov>
MFC after: 1 day
Security: CVE-2022-4152
Security: https://www.cve.org/CVERecord?id=CVE-2022-45142
Security: https://nvd.nist.gov/vuln/detail/CVE-2022-45142
Security: https://security-tracker.debian.org/tracker/CVE-2022-45142
Security: https://bugs.gentoo.org/show_bug.cgi?id=CVE-2022-45142
Security: https://bugzilla.samba.org/show_bug.cgi?id=15296
Security: https://www.openwall.com/lists/oss-security/2023/02/08/1

Details

Provenance
cyAuthored on Mar 10 2023, 1:03 AM
Parents
rG4a2b92d99fee: sctp: initial implementation of draft-tuexen-tsvwg-sctp-zero-checksum
Branches
Unknown
Tags
Unknown