[njs] Fixed heap-buffer-overflow in crypto.createHmac().

Dmitry Volyntsev
June 15, 2018 10:08AM
details: http://hg.nginx.org/njs/rev/e99e0a7f4fae
branches:
changeset: 536:e99e0a7f4fae
user: Dmitry Volyntsev <xeioex@nginx.com>
date: Wed Jun 13 19:38:47 2018 +0300
description:
Fixed heap-buffer-overflow in crypto.createHmac().

diffstat:

njs/njs_crypto.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)

diffs (21 lines):

diff -r c939541c37bc -r e99e0a7f4fae njs/njs_crypto.c
--- a/njs/njs_crypto.c Wed Jun 13 14:15:43 2018 +0300
+++ b/njs/njs_crypto.c Wed Jun 13 19:38:47 2018 +0300
@@ -417,7 +417,7 @@ njs_crypto_create_hmac(njs_vm_t *vm, njs

ctx->alg = alg;

- if (key.length > 64) {
+ if (key.length > sizeof(key_buf)) {
alg->init(&ctx->u);
alg->update(&ctx->u, key.start, key.length);
alg->final(digest, &ctx->u);
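Review bot: the `sizeof(key_buf)` in the new condition is a valid bound only if `key_buf` is a true array in this function and not a pointer. Its declaration is outside the hunk, so that is worth confirming. The removed literal suggests the buffer is 64 bytes, which is the HMAC block size of the hash rather than an arbitrary capacity. A short comment or a named block-size constant at the declaration would keep the threshold and the buffer size from drifting apart if an algorithm with a larger block is added later.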
@@ -426,7 +426,7 @@ njs_crypto_create_hmac(njs_vm_t *vm, njs
memset(key_buf + alg->size, 0, sizeof(key_buf) - alg->size);

} else {
- memcpy(key_buf, key.start, sizeof(key_buf));
+ memcpy(key_buf, key.start, key.length);
memset(key_buf + key.length, 0, sizeof(key_buf) - key.length);
}

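Review bot: the corrected `memcpy(key_buf, key.start, key.length)` in the else branch is safe only because the condition changed in the previous hunk guarantees `key.length <= sizeof(key_buf)`, and nothing here states that dependency. A one-line comment would protect it from a future edit of the condition. The removed line copied `sizeof(key_buf)` bytes from `key.start` whatever the key length, so the defect was a read past the end of a short key, and the commit message could say so. The diffstat lists only njs/njs_crypto.c, so a regression test that calls crypto.createHmac() with a key shorter than the buffer would be a useful addition.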
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel