K 10
svn:author
V 2
cy
K 8
svn:date
V 27
2023-03-10T20:33:38.323090Z
K 7
svn:log
V 861
heimdal: Fix CVE-2022-4152, signature validation error

When CVE-2022-3437 was fixed by changing memcmp to be a constant
time and the workaround for th e compiler was to add "!=0". However
the logic implmented was inverted resulting in CVE-2022-4152.

Reported by:	Timothy E Zingelman <zingelman _AT_ fnal.gov>
Security:	CVE-2022-4152
Security:	https://www.cve.org/CVERecord?id=CVE-2022-45142
Security:	https://nvd.nist.gov/vuln/detail/CVE-2022-45142
Security:	https://security-tracker.debian.org/tracker/CVE-2022-45142
Security:	https://bugs.gentoo.org/show_bug.cgi?id=CVE-2022-45142
Security:	https://bugzilla.samba.org/show_bug.cgi?id=15296
Security:	https://www.openwall.com/lists/oss-security/2023/02/08/1

(cherry picked from commit 5abaf0866445a61c11665fffc148ecd13a7bb9ac)

Git Hash:   c4c0bd4d0102feef22157491538b78c0e894b1aa
Git Author: cy@FreeBSD.org
END