HardenedBSD/crypto/heimdal
Cy Schubert 5abaf08664 heimdal: Fix CVE-2022-4152, signature validation error
When CVE-2022-3437 was fixed by changing memcmp to be a constant
time and the workaround for th e compiler was to add "!=0". However
the logic implmented was inverted resulting in CVE-2022-4152.

Reported by:	Timothy E Zingelman <zingelman _AT_ fnal.gov>
MFC after:	1 day
Security:	CVE-2022-4152
Security:	https://www.cve.org/CVERecord?id=CVE-2022-45142
Security:	https://nvd.nist.gov/vuln/detail/CVE-2022-45142
Security:	https://security-tracker.debian.org/tracker/CVE-2022-45142
Security:	https://bugs.gentoo.org/show_bug.cgi?id=CVE-2022-45142
Security:	https://bugzilla.samba.org/show_bug.cgi?id=15296
Security:	https://www.openwall.com/lists/oss-security/2023/02/08/1
2023-03-09 17:18:49 -08:00
..
admin
appl
base
doc
etc
include
kadmin heimdal: Properly ix bus fault when zero-length request received 2022-12-09 06:09:54 -08:00
kcm
kdc
kpasswd
kuser
lib heimdal: Fix CVE-2022-4152, signature validation error 2023-03-09 17:18:49 -08:00
tools
acinclude.m4
aclocal.m4
autogen.sh
ChangeLog
ChangeLog.1998
ChangeLog.1999
ChangeLog.2000
ChangeLog.2001
ChangeLog.2002
ChangeLog.2003
ChangeLog.2004
ChangeLog.2005
ChangeLog.2006
compile
config.guess
config.sub
configure
FREEBSD-Xlist
install-sh
krb5.conf
LICENSE
ltmain.sh
Makefile.am
Makefile.am.common
Makefile.in
missing
NEWS
README

Heimdal is a Kerberos 5 implementation.

For information how to install see <http://www.h5l.org/compile.html>.

There are briefer man pages for most of the commands.

Bug reports and bugs are appreciated, see more under Bug reports in
the manual on how we prefer them: <heimdal-bugs@h5l.org>.

For more information see the web-page at
<http://www.h5l.org/> or the mailing lists:

heimdal-announce@sics.se	low-volume announcement
heimdal-discuss@sics.se		high-volume discussion

send a mail to heimdal-announce-request@sics.se and
heimdal-discuss-request@sics.se respectively to subscribe.