Fix a use after free in error handling of hmac_dup
authorBernd Edlinger <bernd.edlinger@hotmail.de>
Wed, 8 Jun 2022 15:36:52 +0000 (17:36 +0200)
committerBernd Edlinger <bernd.edlinger@hotmail.de>
Fri, 10 Jun 2022 10:43:38 +0000 (12:43 +0200)
dst->digest needs to be zeroized in case HMAC_CTX_copy
or ossl_prov_digest_copy return failure.

Fixes #18493

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18502)

providers/implementations/macs/hmac_prov.c

index 2d6087b2c65987b95e3d9b3a0ac220a7d02d44a9..52ebb08b8f627667ac4da03d5521a6e1ba337792 100644 (file)
@@ -115,6 +115,7 @@ static void *hmac_dup(void *vsrc)
     *dst = *src;
     dst->ctx = ctx;
     dst->key = NULL;
+    memset(&dst->digest, 0, sizeof(dst->digest));
 
     if (!HMAC_CTX_copy(dst->ctx, src->ctx)
         || !ossl_prov_digest_copy(&dst->digest, &src->digest)) {
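Review bot: The added `memset(&dst->digest, 0, sizeof(dst->digest));` has no comment, and its purpose is not obvious from the line alone: after `*dst = *src;` the copy's digest member still holds the same references as the source, so cleaning up `dst` on the failure branch would release objects that `src` still owns. I would put this above it: `/* *dst = *src left dst->digest aliasing src's references; clear it so a failed copy cannot free them */`. The comment should also say that this has to stay a plain clear, because a releasing helper such as ossl_prov_digest_reset() would presumably drop the source's references at this point. Any owned member added to the struct later needs the same reset after the struct copy, which is worth noting next to `dst->ctx = ctx;` and `dst->key = NULL;`. The body of the failure branch and the rest of hmac_dup lie outside the hunk, so the cleanup call is inferred from the commit message rather than visible here.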