[openssl/openssl] cec169: Fix a use after free in error handling of hmac_dup
bernd-edlinger
noreply at reply.github.openssl.org
Fri Jun 10 10:44:19 UTC 2022
Branch: refs/heads/master
Home: https://github.openssl.org/openssl/openssl
Commit: cec1699f1f54ba8b87f055776dc77b48dd37d5fa
https://github.openssl.org/openssl/openssl/commit/cec1699f1f54ba8b87f055776dc77b48dd37d5fa
Author: Bernd Edlinger <bernd.edlinger at hotmail.de>
Date: 2022-06-10 (Fri, 10 Jun 2022)
Changed paths:
M providers/implementations/macs/hmac_prov.c
Log Message:
-----------
Fix a use after free in error handling of hmac_dup
dst->digest needs to be zeroized in case HMAC_CTX_copy
or ossl_prov_digest_copy return failure.
Fixes #18493
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18502)
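
The failure mode named in the log message, as an added example that is not OpenSSL code and not part of the original commit: a small model of a dup routine whose error path frees the half-built copy. All names (`struct md`, `struct mac_ctx`, `mac_dup`, `mac_free`, `src_refs_after_dup`) are hypothetical, and the model assumes the copy starts as a shallow struct copy of the source and that the digest is reference counted.

```c
#include <stdlib.h>

/* Hypothetical model types; refs == 0 means the digest has been freed. */
struct md { int refs; };
struct mac_ctx { struct md *digest; };

static void mac_free(struct mac_ctx *c)
{
    if (c != NULL && c->digest != NULL)
        c->digest->refs--;          /* drop the reference the ctx holds */
    free(c);
}

/* zeroize=1 is the hardened behaviour, 0 the flawed one; fail=1 makes the
 * copy step fail before dst has taken a reference of its own. */
static struct mac_ctx *mac_dup(const struct mac_ctx *src, int zeroize, int fail)
{
    struct mac_ctx *dst = malloc(sizeof(*dst));

    if (dst == NULL)
        return NULL;
    *dst = *src;                    /* shallow copy: dst->digest aliases src's */
    if (zeroize)
        dst->digest = NULL;         /* dst owns nothing until the copy succeeds */
    if (fail) {
        mac_free(dst);              /* error path releases whatever dst holds */
        return NULL;
    }
    dst->digest = src->digest;      /* successful copy takes its own reference */
    dst->digest->refs++;
    return dst;
}

/* Refcount of the source's digest after a dup and release of the copy;
 * 1 means the source still owns a live digest. */
static int src_refs_after_dup(int zeroize, int fail)
{
    struct md d = { 1 };
    struct mac_ctx src = { &d };

    mac_free(mac_dup(&src, zeroize, fail));
    return d.refs;
}

int main(void)
{
    return src_refs_after_dup(1, 1) == 1 ? 0 : 1;
}
```

Without the zeroize step a failed dup leaves the source's digest count at 0, so the source context now points at a released object; with it the count stays at 1.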