diff options
author | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2022-06-08 17:36:52 +0200 |
---|---|---|
committer | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2022-06-10 12:44:37 +0200 |
commit | 4650cf23c84f33354e5284fbcf56f131aa83343b (patch) | |
tree | a1f4313843e2eae9947833a3cc96cc3476d02630 /providers | |
parent | 6c98a46c4742d40870db83142309c94b66d41e25 (diff) |
Fix a use after free in error handling of hmac_dup
dst->digest needs to be zeroized in case HMAC_CTX_copy
or ossl_prov_digest_copy return failure.
Fixes #18493
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18502)
(cherry picked from commit cec1699f1f54ba8b87f055776dc77b48dd37d5fa)
Diffstat (limited to 'providers')
-rw-r--r-- | providers/implementations/macs/hmac_prov.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/providers/implementations/macs/hmac_prov.c b/providers/implementations/macs/hmac_prov.c index 2d6087b2c6..52ebb08b8f 100644 --- a/providers/implementations/macs/hmac_prov.c +++ b/providers/implementations/macs/hmac_prov.c @@ -115,6 +115,7 @@ static void *hmac_dup(void *vsrc) *dst = *src; dst->ctx = ctx; dst->key = NULL; + memset(&dst->digest, 0, sizeof(dst->digest)); if (!HMAC_CTX_copy(dst->ctx, src->ctx) || !ossl_prov_digest_copy(&dst->digest, &src->digest)) { |