From: Daniel Stenberg <daniel@haxx.se>
Date: Sat, 21 Dec 2024 09:54:28 +0000 (+0100)
Subject: vtls_cache: bail out proper if Curl_hmacit() fails
X-Git-Tag: curl-8_12_0~301
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3428b8ad1c67bcb0098542f99de0ca0d7e024309;p=thirdparty%2Fcurl.git

vtls_cache: bail out proper if Curl_hmacit() fails

Pointed out by CodeSonar

Closes #15790
---

diff --git a/lib/vtls/vtls_scache.c b/lib/vtls/vtls_scache.c
index 4ba054e3f1..a9215223e7 100644
--- a/lib/vtls/vtls_scache.c
+++ b/lib/vtls/vtls_scache.c
@@ -591,12 +591,14 @@ static CURLcode cf_ssl_find_peer(struct Curl_cfilter *cf,
       unsigned char my_hmac[CURL_SHA256_DIGEST_LENGTH];
       if(!peer_key_len) /* we are lazy */
         peer_key_len = strlen(ssl_peer_key);
-      (void)Curl_hmacit(&Curl_HMAC_SHA256,
-                        scache->peers[i].key_salt,
-                        sizeof(scache->peers[i].key_salt),
-                        (const unsigned char *)ssl_peer_key,
-                        peer_key_len,
-                        my_hmac);
+      result = Curl_hmacit(&Curl_HMAC_SHA256,
+                           scache->peers[i].key_salt,
+                           sizeof(scache->peers[i].key_salt),
+                           (const unsigned char *)ssl_peer_key,
+                           peer_key_len,
+                           my_hmac);
+      if(result)
+        goto out;
       if(!memcmp(scache->peers[i].key_hmac, my_hmac, sizeof(my_hmac))) {
         /* remember peer_key for future lookups */
         scache->peers[i].ssl_peer_key = strdup(ssl_peer_key);