58 lines
1.5 KiB
Diff
58 lines
1.5 KiB
Diff
From 9276027c687723886e8277b77061464303845831 Mon Sep 17 00:00:00 2001
|
|
From: Jakub Jelen <jjelen@redhat.com>
|
|
Date: Fri, 15 Dec 2023 13:35:14 +0100
|
|
Subject: [PATCH 4/5] CVE-2023-6918: kdf: Detect context init failures
|
|
|
|
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
|
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
|
|
Conflict:NA
|
|
Reference:https://gitlab.com/libssh/libssh-mirror/-/commit/9276027c687723886e8277b77061464303845831
|
|
---
|
|
src/kdf.c | 18 +++++++++++++++---
|
|
1 file changed, 15 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/src/kdf.c b/src/kdf.c
|
|
index 90f6e9f3..b08f0b2f 100644
|
|
--- a/src/kdf.c
|
|
+++ b/src/kdf.c
|
|
@@ -61,20 +61,32 @@ static ssh_mac_ctx ssh_mac_ctx_init(enum ssh_kdf_digest type)
|
|
switch (type) {
|
|
case SSH_KDF_SHA1:
|
|
ctx->ctx.sha1_ctx = sha1_init();
|
|
+ if (ctx->ctx.sha1_ctx == NULL) {
|
|
+ goto err;
|
|
+ }
|
|
return ctx;
|
|
case SSH_KDF_SHA256:
|
|
ctx->ctx.sha256_ctx = sha256_init();
|
|
+ if (ctx->ctx.sha256_ctx == NULL) {
|
|
+ goto err;
|
|
+ }
|
|
return ctx;
|
|
case SSH_KDF_SHA384:
|
|
ctx->ctx.sha384_ctx = sha384_init();
|
|
+ if (ctx->ctx.sha384_ctx == NULL) {
|
|
+ goto err;
|
|
+ }
|
|
return ctx;
|
|
case SSH_KDF_SHA512:
|
|
ctx->ctx.sha512_ctx = sha512_init();
|
|
+ if (ctx->ctx.sha512_ctx == NULL) {
|
|
+ goto err;
|
|
+ }
|
|
return ctx;
|
|
- default:
|
|
- SAFE_FREE(ctx);
|
|
- return NULL;
|
|
}
|
|
+err:
|
|
+ SAFE_FREE(ctx);
|
|
+ return NULL;
|
|
}
|
|
|
|
static void ssh_mac_ctx_free(ssh_mac_ctx ctx)
|
|
--
|
|
2.33.0
|
|
|