[openssl/openssl] d12cde: Update hkdf.c to avoid potentially vulnerable code...

Nicky Mouha noreply at github.com
Fri May 19 10:45:19 UTC 2023


  Branch: refs/heads/openssl-3.0
  Home:   https://github.com/openssl/openssl
  Commit: d12cde7fc5561d463badcd8a73079cf92864c31e
      https://github.com/openssl/openssl/commit/d12cde7fc5561d463badcd8a73079cf92864c31e
  Author: Nicky Mouha <nmouha at users.noreply.github.com>
  Date:   2023-05-19 (Fri, 19 May 2023)

  Changed paths:
    M providers/implementations/kdfs/hkdf.c

  Log Message:
  -----------
  Update hkdf.c to avoid potentially vulnerable code pattern

The expression "if (a+b>c) a=c-b" is incorrect if "a+b" overflows.
It should be replaced by "if (a>c-b) a=c-b", which avoids the
potential overflow and is much easier to understand.

This pattern is the root cause of CVE-2022-37454, a buffer overflow
vulnerability in the "official" SHA-3 implementation.

It has been confirmed that the addition in
https://github.com/openssl/openssl/blob/master/providers/implementations/kdfs/hkdf.c#L534
cannot overflow. So this is only a minor change proposal to avoid
a potentially vulnerable code pattern and to improve readability.
More information: https://github.com/github/codeql/pull/12036#issuecomment-1466056959

CLA: trivial

Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20990)

(cherry picked from commit 56a51b5a1ecd54eadc80bed4bfe5044a340787c1)




More information about the openssl-commits mailing list