https://bugs.gentoo.org/893722 https://www.openwall.com/lists/oss-security/2023/02/08/1 From: Helmut Grohne Subject: [PATCH v3] CVE-2022-45142: gsskrb5: fix accidental logic inversions The referenced commit attempted to fix miscompilations with gcc-9 and gcc-10 by changing `memcmp(...)` to `memcmp(...) != 0`. Unfortunately, it also inverted the result of the comparison in two occasions. This inversion happened during backporting the patch to 7.7.1 and 7.8.0. Fixes: f6edaafcfefd ("gsskrb5: CVE-2022-3437 Use constant-time memcmp() for arcfour unwrap") Signed-off-by: Helmut Grohne --- a/lib/gssapi/krb5/arcfour.c +++ b/lib/gssapi/krb5/arcfour.c @@ -365,7 +365,7 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status, return GSS_S_FAILURE; } - cmp = (ct_memcmp(cksum_data, p + 8, 8) == 0); + cmp = (ct_memcmp(cksum_data, p + 8, 8) != 0); if (cmp) { *minor_status = 0; return GSS_S_BAD_MIC; @@ -730,7 +730,7 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status, return GSS_S_FAILURE; } - cmp = (ct_memcmp(cksum_data, p0 + 16, 8) == 0); /* SGN_CKSUM */ + cmp = (ct_memcmp(cksum_data, p0 + 16, 8) != 0); /* SGN_CKSUM */ if (cmp) { _gsskrb5_release_buffer(minor_status, output_message_buffer); *minor_status = 0; -- 2.38.1