Out-of-bounds read fix in hmac-sha-1

author: Ondrej Kos <okos@redhat.com> 2012-09-07 10:47:03 +0200
committer: Jakub Hrozek <jhrozek@redhat.com> 2012-09-07 14:06:52 +0200
commit: 73505920a70e33977e84c69b4c3c598f683b7526 (patch)
tree: 99ccc3eb502b9fb6ecc7faa05e5dac73ebd747be /src/util
parent: 38c17ce78d1336c04f26595467722da6b2a67512 (diff)
download: sssd-73505920a70e33977e84c69b4c3c598f683b7526.tar.gz
sssd-73505920a70e33977e84c69b4c3c598f683b7526.tar.xz
sssd-73505920a70e33977e84c69b4c3c598f683b7526.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/src/util/crypto/nss/nss_hmac_sha1.c b/src/util/crypto/nss/nss_hmac_sha1.c
index 6faa09aee..7074fe766 100644
--- a/src/util/crypto/nss/nss_hmac_sha1.c
+++ b/src/util/crypto/nss/nss_hmac_sha1.c
@@ -63,7 +63,9 @@ int sss_hmac_sha1(const unsigned char *key,
     } else {
         /* keys shorter than blocksize are zero-padded */
         memcpy(ikey, key, key_len);
-        memset(ikey + key_len, 0, HMAC_SHA1_BLOCKSIZE - key_len);
+        if (key_len != HMAC_SHA1_BLOCKSIZE) {
+            memset(ikey + key_len, 0, HMAC_SHA1_BLOCKSIZE - key_len);
+        }
     }
 
     /* HMAC(key, msg) = HASH(key XOR opad, HASH(key XOR ipad, msg)) */
author	Ondrej Kos <okos@redhat.com>	2012-09-07 10:47:03 +0200
committer	Jakub Hrozek <jhrozek@redhat.com>	2012-09-07 14:06:52 +0200
commit	73505920a70e33977e84c69b4c3c598f683b7526 (patch)
tree	99ccc3eb502b9fb6ecc7faa05e5dac73ebd747be /src/util
parent	38c17ce78d1336c04f26595467722da6b2a67512 (diff)
download	sssd-73505920a70e33977e84c69b4c3c598f683b7526.tar.gz sssd-73505920a70e33977e84c69b4c3c598f683b7526.tar.xz sssd-73505920a70e33977e84c69b4c3c598f683b7526.zip