feafcbceb6
Resolves: rhbz#1392916 - sssd failes to start after update
Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses
on the directory /etc/sssd
(cherry picked from commit eb6c560542)
33 lines
1.1 KiB
Diff
33 lines
1.1 KiB
Diff
From 5a6aeb890bdf18729e45cd08cfa244e3da4ed45b Mon Sep 17 00:00:00 2001
|
|
From: Lukas Slebodnik <lslebodn@redhat.com>
|
|
Date: Wed, 19 Oct 2016 16:46:44 +0200
|
|
Subject: [PATCH 02/39] libcrypto: Check right value of CRYPTO_memcmp
|
|
|
|
sss_decrypt failed even though should pass because
|
|
we were checking wrong value of CRYPTO_memcmp.
|
|
Nobody noticed that because there was not a unit test :-)
|
|
|
|
Reviewed-by: Christian Heimes <cheimes@redhat.com>
|
|
(cherry picked from commit 0c2be9700d3b54db33c1a3dd5d230b34bfaceb50)
|
|
(cherry picked from commit f4da46bd77f2eed2d04152b75c78bfc561c79354)
|
|
---
|
|
src/util/crypto/libcrypto/crypto_nite.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/src/util/crypto/libcrypto/crypto_nite.c b/src/util/crypto/libcrypto/crypto_nite.c
|
|
index de562f2d2..e863d3fc9 100644
|
|
--- a/src/util/crypto/libcrypto/crypto_nite.c
|
|
+++ b/src/util/crypto/libcrypto/crypto_nite.c
|
|
@@ -237,7 +237,7 @@ int sss_decrypt(TALLOC_CTX *mem_ctx, enum encmethod enctype,
|
|
}
|
|
|
|
ret = CRYPTO_memcmp(&ciphertext[cipherlen - hmaclen], out, hmaclen);
|
|
- if (ret != 1) {
|
|
+ if (ret != 0) {
|
|
ret = EFAULT;
|
|
goto done;
|
|
}
|
|
--
|
|
2.11.0
|
|
|