Fix a use after free in error handling of hmac_dup

dst->digest needs to be zeroized in case HMAC_CTX_copy or ossl_prov_digest_copy return failure. Fixes #18493 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18502)
author: Bernd Edlinger <bernd.edlinger@hotmail.de> 2022-06-08 17:36:52 +0200
committer: Bernd Edlinger <bernd.edlinger@hotmail.de> 2022-06-10 12:43:38 +0200
commit: cec1699f1f54ba8b87f055776dc77b48dd37d5fa (patch)
tree: 5d755ee4f8904778490b64ac27163499753edefc /providers
parent: ee11118deb65d2b22b94721125a5649d05591e7b (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/providers/implementations/macs/hmac_prov.c b/providers/implementations/macs/hmac_prov.c
index 2d6087b2c6..52ebb08b8f 100644
--- a/providers/implementations/macs/hmac_prov.c
+++ b/providers/implementations/macs/hmac_prov.c
@@ -115,6 +115,7 @@ static void *hmac_dup(void *vsrc)
     *dst = *src;
     dst->ctx = ctx;
     dst->key = NULL;
+    memset(&dst->digest, 0, sizeof(dst->digest));
 
     if (!HMAC_CTX_copy(dst->ctx, src->ctx)
         || !ossl_prov_digest_copy(&dst->digest, &src->digest)) {
author	Bernd Edlinger <bernd.edlinger@hotmail.de>	2022-06-08 17:36:52 +0200
committer	Bernd Edlinger <bernd.edlinger@hotmail.de>	2022-06-10 12:43:38 +0200
commit	cec1699f1f54ba8b87f055776dc77b48dd37d5fa (patch)
tree	5d755ee4f8904778490b64ac27163499753edefc /providers
parent	ee11118deb65d2b22b94721125a5649d05591e7b (diff)