motorhead/qemu
1
0
Fork 0
mirror of https://github.com/Motorhead1991/qemu.git synced 2025-08-03 07:43:54 -06:00
Code Issues Projects Releases Packages Wiki Activity Actions

crypto/hash: avoid overwriting user supplied result pointer

Browse source 
If the user provides a pre-allocated buffer for the hash result,
we must use that rather than re-allocating a new buffer.

Reported-by: Dorjoy Chowdhury <dorjoychy111@gmail.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
This commit is contained in:
Daniel P. Berrangé 2024-10-15 13:25:36 +01:00
parent b5b89e9bc6
commit dde538c9a7
4 changed files with 44 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

15
crypto/hash-gcrypt.c
View file

@ -103,16 +103,25 @@ int qcrypto_gcrypt_hash_finalize(QCryptoHash *hash,
size_t *result_len,
Error **errp)
{
int ret;
unsigned char *digest;
gcry_md_hd_t *ctx = hash->opaque;
*result_len = gcry_md_get_algo_dlen(qcrypto_hash_alg_map[hash->alg]);
if (*result_len == 0) {
ret = gcry_md_get_algo_dlen(qcrypto_hash_alg_map[hash->alg]);
if (ret == 0) {
error_setg(errp, "Unable to get hash length");
return -1;
}
*result = g_new(uint8_t, *result_len);
if (*result_len == 0) {
*result_len = ret;
*result = g_new(uint8_t, *result_len);
} else if (*result_len != ret) {
error_setg(errp,
"Result buffer size %zu is smaller than hash %d",
*result_len, ret);
return -1;
}
/* Digest is freed by gcry_md_close(), copy it */
digest = gcry_md_read(*ctx, 0);