luo980/curl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

crypto: ensure crypto initialization works

Browse Source 
Make sure that context initialization during hash setup works to avoid
going forward with the risk of a null pointer dereference.

Reported-by: Philippe Antoine on HackerOne
Assisted-by: Jay Satiro
Assisted-by: Daniel Stenberg

Closes #11614
This commit is contained in:
Daniel Gustafsson 2023-03-10 10:01:44 +01:00 committed by Daniel Stenberg
parent bec0c5bbf3
commit 22eb9893bc
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
7 changed files with 58 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
lib/curl_md4.h
View File

@ -25,13 +25,14 @@
***************************************************************************/ ***************************************************************************/
#include "curl_setup.h" #include "curl_setup.h"
#include <curl/curl.h>
#if !defined(CURL_DISABLE_CRYPTO_AUTH) #if !defined(CURL_DISABLE_CRYPTO_AUTH)
#define MD4_DIGEST_LENGTH 16 #define MD4_DIGEST_LENGTH 16
void Curl_md4it(unsigned char *output, const unsigned char *input, CURLcode Curl_md4it(unsigned char *output, const unsigned char *input,
const size_t len); const size_t len);
#endif /* !defined(CURL_DISABLE_CRYPTO_AUTH) */ #endif /* !defined(CURL_DISABLE_CRYPTO_AUTH) */

8
lib/curl_ntlm_core.c
View File

@ -419,6 +419,7 @@ CURLcode Curl_ntlm_core_mk_nt_hash(const char *password,
{ {
size_t len = strlen(password); size_t len = strlen(password);
unsigned char *pw; unsigned char *pw;
CURLcode result;
if(len > SIZE_T_MAX/2) /* avoid integer overflow */ if(len > SIZE_T_MAX/2) /* avoid integer overflow */
return CURLE_OUT_OF_MEMORY; return CURLE_OUT_OF_MEMORY;
pw = len ? malloc(len * 2) : (unsigned char *)strdup(""); pw = len ? malloc(len * 2) : (unsigned char *)strdup("");
@ -428,12 +429,13 @@ CURLcode Curl_ntlm_core_mk_nt_hash(const char *password,
ascii_to_unicode_le(pw, password, len); ascii_to_unicode_le(pw, password, len);
/* Create NT hashed password. */ /* Create NT hashed password. */
Curl_md4it(ntbuffer, pw, 2 * len); result = Curl_md4it(ntbuffer, pw, 2 * len);
memset(ntbuffer + 16, 0, 21 - 16); if(!result)
memset(ntbuffer + 16, 0, 21 - 16);
free(pw); free(pw);
return CURLE_OK; return result;
} }
#if !defined(USE_WINDOWS_SSPI) #if !defined(USE_WINDOWS_SSPI)

42
lib/md4.c
View File

@ -42,6 +42,7 @@
#ifdef USE_WOLFSSL #ifdef USE_WOLFSSL
#include <wolfssl/options.h> #include <wolfssl/options.h>
#define VOID_MD4_INIT
#ifdef NO_MD4 #ifdef NO_MD4
#define WOLFSSL_NO_MD4 #define WOLFSSL_NO_MD4
#endif #endif
@ -92,9 +93,10 @@
typedef struct md4_ctx MD4_CTX; typedef struct md4_ctx MD4_CTX;
static void MD4_Init(MD4_CTX *ctx) static int MD4_Init(MD4_CTX *ctx)
{ {
md4_init(ctx); md4_init(ctx);
return 1;
} }
static void MD4_Update(MD4_CTX *ctx, const void *data, unsigned long size) static void MD4_Update(MD4_CTX *ctx, const void *data, unsigned long size)
@ -114,9 +116,9 @@ static void MD4_Final(unsigned char *result, MD4_CTX *ctx)
#elif defined(AN_APPLE_OS) #elif defined(AN_APPLE_OS)
typedef CC_MD4_CTX MD4_CTX; typedef CC_MD4_CTX MD4_CTX;
static void MD4_Init(MD4_CTX *ctx) static int MD4_Init(MD4_CTX *ctx)
{ {
(void)CC_MD4_Init(ctx); return CC_MD4_Init(ctx);
} }
static void MD4_Update(MD4_CTX *ctx, const void *data, unsigned long size) static void MD4_Update(MD4_CTX *ctx, const void *data, unsigned long size)
@ -137,15 +139,22 @@ struct md4_ctx {
}; };
typedef struct md4_ctx MD4_CTX; typedef struct md4_ctx MD4_CTX;
static void MD4_Init(MD4_CTX *ctx) static int MD4_Init(MD4_CTX *ctx)
{ {
ctx->hCryptProv = 0; ctx->hCryptProv = 0;
ctx->hHash = 0; ctx->hHash = 0;
if(CryptAcquireContext(&ctx->hCryptProv, NULL, NULL, PROV_RSA_FULL, if(!CryptAcquireContext(&ctx->hCryptProv, NULL, NULL, PROV_RSA_FULL,
CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) { CRYPT_VERIFYCONTEXT | CRYPT_SILENT))
CryptCreateHash(ctx->hCryptProv, CALG_MD4, 0, 0, &ctx->hHash); return 0;
if(!CryptCreateHash(ctx->hCryptProv, CALG_MD4, 0, 0, &ctx->hHash)) {
CryptReleaseContext(ctx->hCryptProv, 0);
ctx->hCryptProv = 0;
return 0;
} }
return 1;
} }
static void MD4_Update(MD4_CTX *ctx, const void *data, unsigned long size) static void MD4_Update(MD4_CTX *ctx, const void *data, unsigned long size)
@ -176,10 +185,11 @@ struct md4_ctx {
}; };
typedef struct md4_ctx MD4_CTX; typedef struct md4_ctx MD4_CTX;
static void MD4_Init(MD4_CTX *ctx) static int MD4_Init(MD4_CTX *ctx)
{ {
ctx->data = NULL; ctx->data = NULL;
ctx->size = 0; ctx->size = 0;
return 1;
} }
static void MD4_Update(MD4_CTX *ctx, const void *data, unsigned long size) static void MD4_Update(MD4_CTX *ctx, const void *data, unsigned long size)
@ -258,7 +268,7 @@ struct md4_ctx {
}; };
typedef struct md4_ctx MD4_CTX; typedef struct md4_ctx MD4_CTX;
static void MD4_Init(MD4_CTX *ctx); static int MD4_Init(MD4_CTX *ctx);
static void MD4_Update(MD4_CTX *ctx, const void *data, unsigned long size); static void MD4_Update(MD4_CTX *ctx, const void *data, unsigned long size);
static void MD4_Final(unsigned char *result, MD4_CTX *ctx); static void MD4_Final(unsigned char *result, MD4_CTX *ctx);
@ -397,7 +407,7 @@ static const void *body(MD4_CTX *ctx, const void *data, unsigned long size)
return ptr; return ptr;
} }
static void MD4_Init(MD4_CTX *ctx) static int MD4_Init(MD4_CTX *ctx)
{ {
ctx->a = 0x67452301; ctx->a = 0x67452301;
ctx->b = 0xefcdab89; ctx->b = 0xefcdab89;
@ -406,6 +416,7 @@ static void MD4_Init(MD4_CTX *ctx)
ctx->lo = 0; ctx->lo = 0;
ctx->hi = 0; ctx->hi = 0;
return 1;
} }
static void MD4_Update(MD4_CTX *ctx, const void *data, unsigned long size) static void MD4_Update(MD4_CTX *ctx, const void *data, unsigned long size)
@ -496,14 +507,21 @@ static void MD4_Final(unsigned char *result, MD4_CTX *ctx)
#endif /* CRYPTO LIBS */ #endif /* CRYPTO LIBS */
void Curl_md4it(unsigned char *output, const unsigned char *input, CURLcode Curl_md4it(unsigned char *output, const unsigned char *input,
const size_t len) const size_t len)
{ {
MD4_CTX ctx; MD4_CTX ctx;
#ifdef VOID_MD4_INIT
MD4_Init(&ctx); MD4_Init(&ctx);
#else
if(!MD4_Init(&ctx))
return CURLE_FAILED_INIT;
#endif
MD4_Update(&ctx, input, curlx_uztoui(len)); MD4_Update(&ctx, input, curlx_uztoui(len));
MD4_Final(output, &ctx); MD4_Final(output, &ctx);
return CURLE_OK;
} }
#endif /* USE_CURL_NTLM_CORE */ #endif /* USE_CURL_NTLM_CORE */

3
lib/md5.c
View File

@ -213,7 +213,8 @@ static CURLcode my_md5_init(my_md5_ctx *ctx)
if(!CryptCreateHash(ctx->hCryptProv, CALG_MD5, 0, 0, &ctx->hHash)) { if(!CryptCreateHash(ctx->hCryptProv, CALG_MD5, 0, 0, &ctx->hHash)) {
CryptReleaseContext(ctx->hCryptProv, 0); CryptReleaseContext(ctx->hCryptProv, 0);
return CURLE_OUT_OF_MEMORY; ctx->hCryptProv = 0;
return CURLE_FAILED_INIT;
} }
return CURLE_OK; return CURLE_OK;

16
lib/sha256.c
View File

@ -110,7 +110,10 @@ static CURLcode my_sha256_init(my_sha256_ctx *ctx)
if(!ctx->openssl_ctx) if(!ctx->openssl_ctx)
return CURLE_OUT_OF_MEMORY; return CURLE_OUT_OF_MEMORY;
EVP_DigestInit_ex(ctx->openssl_ctx, EVP_sha256(), NULL); if(!EVP_DigestInit_ex(ctx->openssl_ctx, EVP_sha256(), NULL)) {
EVP_MD_CTX_destroy(ctx->openssl_ctx);
return CURLE_FAILED_INIT;
}
return CURLE_OK; return CURLE_OK;
} }
@ -218,9 +221,14 @@ typedef struct sha256_ctx my_sha256_ctx;
static CURLcode my_sha256_init(my_sha256_ctx *ctx) static CURLcode my_sha256_init(my_sha256_ctx *ctx)
{ {
if(CryptAcquireContext(&ctx->hCryptProv, NULL, NULL, PROV_RSA_AES, if(!CryptAcquireContext(&ctx->hCryptProv, NULL, NULL, PROV_RSA_AES,
CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) { CRYPT_VERIFYCONTEXT | CRYPT_SILENT))
CryptCreateHash(ctx->hCryptProv, CALG_SHA_256, 0, 0, &ctx->hHash); return CURLE_OUT_OF_MEMORY;
if(!CryptCreateHash(ctx->hCryptProv, CALG_SHA_256, 0, 0, &ctx->hHash)) {
CryptReleaseContext(ctx->hCryptProv, 0);
ctx->hCryptProv = 0;
return CURLE_FAILED_INIT;
} }
return CURLE_OK; return CURLE_OK;

5
lib/vtls/openssl.c
View File

@ -4730,7 +4730,10 @@ static CURLcode ossl_sha256sum(const unsigned char *tmp, /* input */
mdctx = EVP_MD_CTX_create(); mdctx = EVP_MD_CTX_create();
if(!mdctx) if(!mdctx)
return CURLE_OUT_OF_MEMORY; return CURLE_OUT_OF_MEMORY;
EVP_DigestInit(mdctx, EVP_sha256()); if(!EVP_DigestInit(mdctx, EVP_sha256())) {
EVP_MD_CTX_destroy(mdctx);
return CURLE_FAILED_INIT;
}
EVP_DigestUpdate(mdctx, tmp, tmplen); EVP_DigestUpdate(mdctx, tmp, tmplen);
EVP_DigestFinal_ex(mdctx, sha256sum, &len); EVP_DigestFinal_ex(mdctx, sha256sum, &len);
EVP_MD_CTX_destroy(mdctx); EVP_MD_CTX_destroy(mdctx);

3
lib/vtls/wolfssl.c
View File

@ -1352,7 +1352,8 @@ static CURLcode wolfssl_sha256sum(const unsigned char *tmp, /* input */
{ {
wc_Sha256 SHA256pw; wc_Sha256 SHA256pw;
(void)unused; (void)unused;
wc_InitSha256(&SHA256pw); if(wc_InitSha256(&SHA256pw))
return CURLE_FAILED_INIT;
wc_Sha256Update(&SHA256pw, tmp, (word32)tmplen); wc_Sha256Update(&SHA256pw, tmp, (word32)tmplen);
wc_Sha256Final(&SHA256pw, sha256sum); wc_Sha256Final(&SHA256pw, sha256sum);
return CURLE_OK; return CURLE_OK;