From b5b4be203be7bfc2605b7e80fbb6bfc781fbecf5 Mon Sep 17 00:00:00 2001
From: Daniel Markstedt <daniel@mindani.net>
Date: Wed, 6 May 2026 21:49:35 +0200
Subject: [PATCH] CVE-2026-44061: uams: use constant-time comparisons in
 Randnum UAMs

Reported-by: @00redbeer
Signed-off-by: Daniel Markstedt <daniel@mindani.net>
---
 etc/uams/uams_randnum.c | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)

diff --git a/etc/uams/uams_randnum.c b/etc/uams/uams_randnum.c
index 2f71760d8..f1a6a891e 100644
--- a/etc/uams/uams_randnum.c
+++ b/etc/uams/uams_randnum.c
@@ -38,6 +38,19 @@
 #define PASSWDLEN 8
 
 static unsigned char seskey[8];
+
+static int ct_memcmp(const void *a, const void *b, size_t n)
+{
+    const unsigned char *pa = (const unsigned char *)a;
+    const unsigned char *pb = (const unsigned char *)b;
+    unsigned char diff = 0;
+
+    for (size_t i = 0; i < n; i++) {
+        diff |= pa[i] ^ pb[i];
+    }
+
+    return diff != 0;
+}
 static struct passwd	*randpwd;
 static uint8_t         randbuf[8];
 
@@ -418,7 +431,7 @@ static int randnum_logincont(void *obj, struct passwd **uam_pwd,
     gcry_cipher_close(ctx);
 
     /* test against what the client sent */
-    if (memcmp(randbuf, ibuf, sizeof(randbuf))) {
+    if (ct_memcmp(randbuf, ibuf, sizeof(randbuf))) {
         /* != */
         explicit_bzero(randbuf, sizeof(randbuf));
         return AFPERR_NOTAUTH;
@@ -464,7 +477,7 @@ static int rand2num_logincont(void *obj, struct passwd **uam_pwd,
     ctxerror = gcry_cipher_encrypt(ctx, randbuf, sizeof(randbuf), NULL, 0);
 
     /* test against client's reply */
-    if (memcmp(randbuf, ibuf, sizeof(randbuf))) {
+    if (ct_memcmp(randbuf, ibuf, sizeof(randbuf))) {
         /* != */
         explicit_bzero(randbuf, sizeof(randbuf));
         gcry_cipher_close(ctx);
@@ -534,9 +547,9 @@ static int randnum_changepw(void *obj, const char *username _U_,
     ctxerror = gcry_cipher_decrypt(ctx, ibuf, PASSWDLEN, NULL, 0);
     gcry_cipher_close(ctx);
 
-    if (memcmp(seskey, ibuf, sizeof(seskey))) {
+    if (ct_memcmp(seskey, ibuf, sizeof(seskey))) {
         err = AFPERR_NOTAUTH;
-    } else if (memcmp(seskey, ibuf + PASSWDLEN, sizeof(seskey)) == 0) {
+    } else if (ct_memcmp(seskey, ibuf + PASSWDLEN, sizeof(seskey)) == 0) {
         err = AFPERR_PWDSAME;
     }