ITS#10224 libldap: check for OpenSSL EVP_Digest* failure
authorHoward Chu <hyc@openldap.org>
Fri, 7 Jun 2024 14:33:04 +0000 (15:33 +0100)
committerQuanah Gibson-Mount <quanah@openldap.org>
Fri, 28 Jun 2024 16:52:18 +0000 (16:52 +0000)
libraries/libldap/tls_o.c

index c93579fd8619647c954ca1e19345e4aa6a13fe13..e7afeaa93834ae9b3ee4e872e780f21221281067 100644 (file)
@@ -1170,15 +1170,19 @@ tlso_session_pinning( LDAP *ld, tls_session *sess, char *hashalg, struct berval
                        goto done;
                }
 
-               EVP_DigestInit_ex( mdctx, md, NULL );
-               EVP_DigestUpdate( mdctx, key.bv_val, key.bv_len );
-               EVP_DigestFinal_ex( mdctx, (unsigned char *)keyhash.bv_val, &len );
-               keyhash.bv_len = len;
+               if ( EVP_DigestInit_ex( mdctx, md, NULL ) &&
+                       EVP_DigestUpdate( mdctx, key.bv_val, key.bv_len ) &&
+                       EVP_DigestFinal_ex( mdctx, (unsigned char *)keyhash.bv_val, &len ))
+                       keyhash.bv_len = len;
+               else
+                       rc = -1;
 #if OPENSSL_VERSION_NUMBER >= 0x10100000
                EVP_MD_CTX_free( mdctx );
 #else
                EVP_MD_CTX_destroy( mdctx );
 #endif
+               if ( rc )
+                       goto done;
        } else {
                keyhash = key;
        }
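Review bot: The new `else rc = -1;` branch fails the pin check silently, so a digest that could not be computed is indistinguishable to an operator from any other -1 return of tlso_session_pinning. I would brace both arms of the three-line `if` and add a why-comment plus a trace through whichever debug macro tls_o.c already uses, for example `} else { /* digest not computed: keyhash holds no valid hash, so fail closed instead of comparing it */ rc = -1; }`. The deferred `if ( rc ) goto done;` after the context is freed also relies on rc being zero when this block is entered. rc's initialisation and the code that consumes keyhash are both outside the hunk, so that assumption is worth confirming against the full function.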