mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-03-01 19:28:10 +08:00
Code Issues Packages Projects Releases Wiki Activity

crypto/pkcs12/p12_mutl.c: Add check and EVP_MD_free() for EVP_MD_fetch()

Browse Source 
Add check and EVP_MD_free() for EVP_MD_fetch() to avoid NULL pointer
dereference and memory leak, like "md_fetch".

Fixes: fe79159be0 ("Implementation of the RFC 9579, PBMAC1 in PKCS#12")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@outlook.com>

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25370)
This commit is contained in:
Jiasheng Jiang 2024-09-03 19:18:47 +00:00 committed by Tomas Mraz
parent 8439337036
commit f60b3c5fdc
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
crypto/pkcs12/p12_mutl.c
View File

@ -236,6 +236,8 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
if (OBJ_obj2txt(hmac_md_name, sizeof(hmac_md_name), OBJ_nid2obj(pbmac1_kdf_nid), 0) < 0) if (OBJ_obj2txt(hmac_md_name, sizeof(hmac_md_name), OBJ_nid2obj(pbmac1_kdf_nid), 0) < 0)
goto err; goto err;
hmac_md = EVP_MD_fetch(NULL, hmac_md_name, NULL); hmac_md = EVP_MD_fetch(NULL, hmac_md_name, NULL);
if (hmac_md == NULL)
goto err;
fetched = 1; fetched = 1;
} }
if (pkcs12_key_gen != NULL) { if (pkcs12_key_gen != NULL) {
@ -249,6 +251,8 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
goto err; goto err;
} }
} else { } else {
if (fetched)
EVP_MD_free(hmac_md);
/* Default to UTF-8 password */ /* Default to UTF-8 password */
if (!PKCS12_key_gen_utf8_ex(pass, passlen, salt, saltlen, PKCS12_MAC_ID, if (!PKCS12_key_gen_utf8_ex(pass, passlen, salt, saltlen, PKCS12_MAC_ID,
iter, keylen, key, md, iter, keylen, key, md,