mirror of
https://github.com/curl/curl.git
synced 2025-01-30 14:22:33 +08:00
crypto: ensure crypto initialization works
Make sure that context initialization during hash setup works to avoid going forward with the risk of a null pointer dereference. Reported-by: Philippe Antoine on HackerOne Assisted-by: Jay Satiro Assisted-by: Daniel Stenberg Closes #11614
This commit is contained in:
Daniel Gustafsson
Daniel Stenberg
parent
bec0c5bbf3
commit
22eb9893bc
@ -25,12 +25,13 @@
|
||||
***************************************************************************/
|
||||
|
||||
#include "curl_setup.h"
|
||||
#include <curl/curl.h>
|
||||
|
||||
#if !defined(CURL_DISABLE_CRYPTO_AUTH)
|
||||
|
||||
#define MD4_DIGEST_LENGTH 16
|
||||
|
||||
void Curl_md4it(unsigned char *output, const unsigned char *input,
|
||||
CURLcode Curl_md4it(unsigned char *output, const unsigned char *input,
|
||||
const size_t len);
|
||||
|
||||
#endif /* !defined(CURL_DISABLE_CRYPTO_AUTH) */
|
||||
|
||||
@ -419,6 +419,7 @@ CURLcode Curl_ntlm_core_mk_nt_hash(const char *password,
|
||||
{
|
||||
size_t len = strlen(password);
|
||||
unsigned char *pw;
|
||||
CURLcode result;
|
||||
if(len > SIZE_T_MAX/2) /* avoid integer overflow */
|
||||
return CURLE_OUT_OF_MEMORY;
|
||||
pw = len ? malloc(len * 2) : (unsigned char *)strdup("");
|
||||
@ -428,12 +429,13 @@ CURLcode Curl_ntlm_core_mk_nt_hash(const char *password,
|
||||
ascii_to_unicode_le(pw, password, len);
|
||||
|
||||
/* Create NT hashed password. */
|
||||
Curl_md4it(ntbuffer, pw, 2 * len);
|
||||
result = Curl_md4it(ntbuffer, pw, 2 * len);
|
||||
if(!result)
|
||||
memset(ntbuffer + 16, 0, 21 - 16);
|
||||
|
||||
free(pw);
|
||||
|
||||
return CURLE_OK;
|
||||
return result;
|
||||
}
|
||||
|
||||
#if !defined(USE_WINDOWS_SSPI)
|
||||
|
||||
40
lib/md4.c
40
lib/md4.c
@ -42,6 +42,7 @@
|
||||
|
||||
#ifdef USE_WOLFSSL
|
||||
#include <wolfssl/options.h>
|
||||
#define VOID_MD4_INIT
|
||||
#ifdef NO_MD4
|
||||
#define WOLFSSL_NO_MD4
|
||||
#endif
|
||||
@ -92,9 +93,10 @@
|
||||
|
||||
typedef struct md4_ctx MD4_CTX;
|
||||
|
||||
static void MD4_Init(MD4_CTX *ctx)
|
||||
static int MD4_Init(MD4_CTX *ctx)
|
||||
{
|
||||
md4_init(ctx);
|
||||
return 1;
|
||||
}
|
||||
|
||||
static void MD4_Update(MD4_CTX *ctx, const void *data, unsigned long size)
|
||||
@ -114,9 +116,9 @@ static void MD4_Final(unsigned char *result, MD4_CTX *ctx)
|
||||
#elif defined(AN_APPLE_OS)
|
||||
typedef CC_MD4_CTX MD4_CTX;
|
||||
|
||||
static void MD4_Init(MD4_CTX *ctx)
|
||||
static int MD4_Init(MD4_CTX *ctx)
|
||||
{
|
||||
(void)CC_MD4_Init(ctx);
|
||||
return CC_MD4_Init(ctx);
|
||||
}
|
||||
|
||||
static void MD4_Update(MD4_CTX *ctx, const void *data, unsigned long size)
|
||||
@ -137,15 +139,22 @@ struct md4_ctx {
|
||||
};
|
||||
typedef struct md4_ctx MD4_CTX;
|
||||
|
||||
static void MD4_Init(MD4_CTX *ctx)
|
||||
static int MD4_Init(MD4_CTX *ctx)
|
||||
{
|
||||
ctx->hCryptProv = 0;
|
||||
ctx->hHash = 0;
|
||||
|
||||
if(CryptAcquireContext(&ctx->hCryptProv, NULL, NULL, PROV_RSA_FULL,
|
||||
CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) {
|
||||
CryptCreateHash(ctx->hCryptProv, CALG_MD4, 0, 0, &ctx->hHash);
|
||||
if(!CryptAcquireContext(&ctx->hCryptProv, NULL, NULL, PROV_RSA_FULL,
|
||||
CRYPT_VERIFYCONTEXT | CRYPT_SILENT))
|
||||
return 0;
|
||||
|
||||
if(!CryptCreateHash(ctx->hCryptProv, CALG_MD4, 0, 0, &ctx->hHash)) {
|
||||
CryptReleaseContext(ctx->hCryptProv, 0);
|
||||
ctx->hCryptProv = 0;
|
||||
return 0;
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
static void MD4_Update(MD4_CTX *ctx, const void *data, unsigned long size)
|
||||
@ -176,10 +185,11 @@ struct md4_ctx {
|
||||
};
|
||||
typedef struct md4_ctx MD4_CTX;
|
||||
|
||||
static void MD4_Init(MD4_CTX *ctx)
|
||||
static int MD4_Init(MD4_CTX *ctx)
|
||||
{
|
||||
ctx->data = NULL;
|
||||
ctx->size = 0;
|
||||
return 1;
|
||||
}
|
||||
|
||||
static void MD4_Update(MD4_CTX *ctx, const void *data, unsigned long size)
|
||||
@ -258,7 +268,7 @@ struct md4_ctx {
|
||||
};
|
||||
typedef struct md4_ctx MD4_CTX;
|
||||
|
||||
static void MD4_Init(MD4_CTX *ctx);
|
||||
static int MD4_Init(MD4_CTX *ctx);
|
||||
static void MD4_Update(MD4_CTX *ctx, const void *data, unsigned long size);
|
||||
static void MD4_Final(unsigned char *result, MD4_CTX *ctx);
|
||||
|
||||
@ -397,7 +407,7 @@ static const void *body(MD4_CTX *ctx, const void *data, unsigned long size)
|
||||
return ptr;
|
||||
}
|
||||
|
||||
static void MD4_Init(MD4_CTX *ctx)
|
||||
static int MD4_Init(MD4_CTX *ctx)
|
||||
{
|
||||
ctx->a = 0x67452301;
|
||||
ctx->b = 0xefcdab89;
|
||||
@ -406,6 +416,7 @@ static void MD4_Init(MD4_CTX *ctx)
|
||||
|
||||
ctx->lo = 0;
|
||||
ctx->hi = 0;
|
||||
return 1;
|
||||
}
|
||||
|
||||
static void MD4_Update(MD4_CTX *ctx, const void *data, unsigned long size)
|
||||
@ -496,14 +507,21 @@ static void MD4_Final(unsigned char *result, MD4_CTX *ctx)
|
||||
|
||||
#endif /* CRYPTO LIBS */
|
||||
|
||||
void Curl_md4it(unsigned char *output, const unsigned char *input,
|
||||
CURLcode Curl_md4it(unsigned char *output, const unsigned char *input,
|
||||
const size_t len)
|
||||
{
|
||||
MD4_CTX ctx;
|
||||
|
||||
#ifdef VOID_MD4_INIT
|
||||
MD4_Init(&ctx);
|
||||
#else
|
||||
if(!MD4_Init(&ctx))
|
||||
return CURLE_FAILED_INIT;
|
||||
#endif
|
||||
|
||||
MD4_Update(&ctx, input, curlx_uztoui(len));
|
||||
MD4_Final(output, &ctx);
|
||||
return CURLE_OK;
|
||||
}
|
||||
|
||||
#endif /* USE_CURL_NTLM_CORE */
|
||||
|
||||
@ -213,7 +213,8 @@ static CURLcode my_md5_init(my_md5_ctx *ctx)
|
||||
|
||||
if(!CryptCreateHash(ctx->hCryptProv, CALG_MD5, 0, 0, &ctx->hHash)) {
|
||||
CryptReleaseContext(ctx->hCryptProv, 0);
|
||||
return CURLE_OUT_OF_MEMORY;
|
||||
ctx->hCryptProv = 0;
|
||||
return CURLE_FAILED_INIT;
|
||||
}
|
||||
|
||||
return CURLE_OK;
|
||||
|
||||
16
lib/sha256.c
16
lib/sha256.c
@ -110,7 +110,10 @@ static CURLcode my_sha256_init(my_sha256_ctx *ctx)
|
||||
if(!ctx->openssl_ctx)
|
||||
return CURLE_OUT_OF_MEMORY;
|
||||
|
||||
EVP_DigestInit_ex(ctx->openssl_ctx, EVP_sha256(), NULL);
|
||||
if(!EVP_DigestInit_ex(ctx->openssl_ctx, EVP_sha256(), NULL)) {
|
||||
EVP_MD_CTX_destroy(ctx->openssl_ctx);
|
||||
return CURLE_FAILED_INIT;
|
||||
}
|
||||
return CURLE_OK;
|
||||
}
|
||||
|
||||
@ -218,9 +221,14 @@ typedef struct sha256_ctx my_sha256_ctx;
|
||||
|
||||
static CURLcode my_sha256_init(my_sha256_ctx *ctx)
|
||||
{
|
||||
if(CryptAcquireContext(&ctx->hCryptProv, NULL, NULL, PROV_RSA_AES,
|
||||
CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) {
|
||||
CryptCreateHash(ctx->hCryptProv, CALG_SHA_256, 0, 0, &ctx->hHash);
|
||||
if(!CryptAcquireContext(&ctx->hCryptProv, NULL, NULL, PROV_RSA_AES,
|
||||
CRYPT_VERIFYCONTEXT | CRYPT_SILENT))
|
||||
return CURLE_OUT_OF_MEMORY;
|
||||
|
||||
if(!CryptCreateHash(ctx->hCryptProv, CALG_SHA_256, 0, 0, &ctx->hHash)) {
|
||||
CryptReleaseContext(ctx->hCryptProv, 0);
|
||||
ctx->hCryptProv = 0;
|
||||
return CURLE_FAILED_INIT;
|
||||
}
|
||||
|
||||
return CURLE_OK;
|
||||
|
||||
@ -4730,7 +4730,10 @@ static CURLcode ossl_sha256sum(const unsigned char *tmp, /* input */
|
||||
mdctx = EVP_MD_CTX_create();
|
||||
if(!mdctx)
|
||||
return CURLE_OUT_OF_MEMORY;
|
||||
EVP_DigestInit(mdctx, EVP_sha256());
|
||||
if(!EVP_DigestInit(mdctx, EVP_sha256())) {
|
||||
EVP_MD_CTX_destroy(mdctx);
|
||||
return CURLE_FAILED_INIT;
|
||||
}
|
||||
EVP_DigestUpdate(mdctx, tmp, tmplen);
|
||||
EVP_DigestFinal_ex(mdctx, sha256sum, &len);
|
||||
EVP_MD_CTX_destroy(mdctx);
|
||||
|
||||
@ -1352,7 +1352,8 @@ static CURLcode wolfssl_sha256sum(const unsigned char *tmp, /* input */
|
||||
{
|
||||
wc_Sha256 SHA256pw;
|
||||
(void)unused;
|
||||
wc_InitSha256(&SHA256pw);
|
||||
if(wc_InitSha256(&SHA256pw))
|
||||
return CURLE_FAILED_INIT;
|
||||
wc_Sha256Update(&SHA256pw, tmp, (word32)tmplen);
|
||||
wc_Sha256Final(&SHA256pw, sha256sum);
|
||||
return CURLE_OK;
|
||||
|
||||
Loading…
Reference in New Issue
Block a user