summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorOndrej Kos <okos@redhat.com>2012-09-07 10:47:03 +0200
committerJakub Hrozek <jhrozek@redhat.com>2012-09-07 14:06:52 +0200
commit73505920a70e33977e84c69b4c3c598f683b7526 (patch)
tree99ccc3eb502b9fb6ecc7faa05e5dac73ebd747be
parent38c17ce78d1336c04f26595467722da6b2a67512 (diff)
downloadsssd-73505920a70e33977e84c69b4c3c598f683b7526.tar.gz
sssd-73505920a70e33977e84c69b4c3c598f683b7526.tar.xz
sssd-73505920a70e33977e84c69b4c3c598f683b7526.zip
Out-of-bounds read fix in hmac-sha-1
-rw-r--r--src/util/crypto/nss/nss_hmac_sha1.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/src/util/crypto/nss/nss_hmac_sha1.c b/src/util/crypto/nss/nss_hmac_sha1.c
index 6faa09aee..7074fe766 100644
--- a/src/util/crypto/nss/nss_hmac_sha1.c
+++ b/src/util/crypto/nss/nss_hmac_sha1.c
@@ -63,7 +63,9 @@ int sss_hmac_sha1(const unsigned char *key,
} else {
/* keys shorter than blocksize are zero-padded */
memcpy(ikey, key, key_len);
- memset(ikey + key_len, 0, HMAC_SHA1_BLOCKSIZE - key_len);
+ if (key_len != HMAC_SHA1_BLOCKSIZE) {
+ memset(ikey + key_len, 0, HMAC_SHA1_BLOCKSIZE - key_len);
+ }
}
/* HMAC(key, msg) = HASH(key XOR opad, HASH(key XOR ipad, msg)) */