From: dtucker@openbsd.org <dtucker@openbsd.org>
Date: Fri, 23 May 2025 11:25:35 +0000 (+0000)
Subject: upstream: Ensure args to nh_update() fit within uint32, which it
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3e11478f585408888defa56fa47e8dc6567378d0;p=thirdparty%2Fopenssh-portable.git

upstream: Ensure args to nh_update() fit within uint32, which it

should always anyway. Placates Coverity CID 470520.  While there, fix the
upstream URL.  ok djm@

OpenBSD-Commit-ID: 2478e89fde089a49fa02f9faf6287d35959c9f92
---

diff --git a/umac.c b/umac.c
index d5958babf..df9035260 100644
--- a/umac.c
+++ b/umac.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: umac.c,v 1.23 2023/03/07 01:30:52 djm Exp $ */
+/* $OpenBSD: umac.c,v 1.24 2025/05/23 11:25:35 dtucker Exp $ */
 /* -----------------------------------------------------------------------
  *
  * umac.c -- C Implementation UMAC Message Authentication
@@ -6,7 +6,7 @@
  * Version 0.93b of rfc4418.txt -- 2006 July 18
  *
  * For a full description of UMAC message authentication see the UMAC
- * world-wide-web page at http://www.cs.ucdavis.edu/~rogaway/umac
+ * world-wide-web page at https://fastcrypto.org/umac/
  * Please report bugs and suggestions to the UMAC webpage.
  *
  * Copyright (c) 1999-2006 Ted Krovetz
@@ -1089,7 +1089,7 @@ static int uhash_update(uhash_ctx_t ctx, const u_char *input, long len)
          }
 
          /* pass remaining < L1_KEY_LEN bytes of input data to NH */
-         if (len) {
+         if (len > 0 && len <= UINT32_MAX) {
              nh_update(&ctx->hash, (const UINT8 *)input, len);
              ctx->msg_len += len;
          }