luo980/curl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

vtls_cache: bail out proper if Curl_hmacit() fails

Browse Source 
Pointed out by CodeSonar

Closes #15790
This commit is contained in:
Daniel Stenberg 2024-12-21 10:54:28 +01:00
parent e5bd6246e4
commit 3428b8ad1c
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
1 changed files with 8 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
lib/vtls/vtls_scache.c
View File

@ -591,12 +591,14 @@ static CURLcode cf_ssl_find_peer(struct Curl_cfilter *cf,
unsigned char my_hmac[CURL_SHA256_DIGEST_LENGTH];
if(!peer_key_len) /* we are lazy */
peer_key_len = strlen(ssl_peer_key);
(void)Curl_hmacit(&Curl_HMAC_SHA256,
scache->peers[i].key_salt,
sizeof(scache->peers[i].key_salt),
(const unsigned char *)ssl_peer_key,
peer_key_len,
my_hmac);
result = Curl_hmacit(&Curl_HMAC_SHA256,
scache->peers[i].key_salt,
sizeof(scache->peers[i].key_salt),
(const unsigned char *)ssl_peer_key,
peer_key_len,
my_hmac);
if(result)
goto out;
if(!memcmp(scache->peers[i].key_hmac, my_hmac, sizeof(my_hmac))) {
/* remember peer_key for future lookups */
scache->peers[i].ssl_peer_key = strdup(ssl_peer_key);