heimdal: Fix CVE-2022-4152, signature validation error
When CVE-2022-3437 was fixed by changing memcmp to be a constant
time and the workaround for th e compiler was to add "!=0". However
the logic implmented was inverted resulting in CVE-2022-4152.
Reported by: Timothy E Zingelman <zingelman _AT_ fnal.gov>
Security: CVE-2022-4152
Security: https://www.cve.org/CVERecord?id=CVE-2022-45142
Security: https://nvd.nist.gov/vuln/detail/CVE-2022-45142
Security: https://security-tracker.debian.org/tracker/CVE-2022-45142
Security: https://bugs.gentoo.org/show_bug.cgi?id=CVE-2022-45142
Security: https://bugzilla.samba.org/show_bug.cgi?id=15296
Security: https://www.openwall.com/lists/oss-security/2023/02/08/1
Approved by: re (cperciva)
(cherry picked from commit
5abaf0866445a61c11665fffc148ecd13a7bb9ac)
(cherry picked from commit
59c26d1a95a00418892e08341e3eae074c238680)
projects / FreeBSD / FreeBSD.git / commit