Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
mozilla-nss.1743
nss-missing_alloc_check_DH_KEA_Derive.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File nss-missing_alloc_check_DH_KEA_Derive.patch of Package mozilla-nss.1743
# HG changeset patch # Parent 6c0ce000e109da721e5f5ebac76068693e37d80f # Parent 2145599fc8266622d280ae8ca3f75863e4ba1f3d add checks to allocations of SECItems in DH/KEA_Derive diff --git a/lib/freebl/dh.c b/lib/freebl/dh.c --- a/lib/freebl/dh.c +++ b/lib/freebl/dh.c @@ -254,30 +254,37 @@ DH_Derive(SECItem *publicValue, /* number of bytes in the derived secret */ len = mp_unsigned_octet_size(&ZZ); if (len <= 0) { err = MP_BADARG; goto cleanup; } /* allocate a buffer which can hold the entire derived secret. */ secret = PORT_Alloc(len); + if (!secret) { + err = MP_MEM; + goto cleanup; + } /* grab the derived secret */ err = mp_to_unsigned_octets(&ZZ, secret, len); if (err >= 0) err = MP_OKAY; /* ** if outBytes is 0 take all of the bytes from the derived secret. ** if outBytes is not 0 take exactly outBytes from the derived secret, zero ** pad at the beginning if necessary, and truncate beginning bytes ** if necessary. */ if (outBytes > 0) nb = outBytes; else nb = len; - SECITEM_AllocItem(NULL, derivedSecret, nb); + if (!SECITEM_AllocItem(NULL, derivedSecret, nb)) { + err = MP_MEM; + goto cleanup; + } if (len < nb) { unsigned int offset = nb - len; memset(derivedSecret->data, 0, offset); memcpy(derivedSecret->data + offset, secret, len); } else { memcpy(derivedSecret->data, secret + len - nb, nb); } cleanup: @@ -342,21 +349,28 @@ KEA_Derive(SECItem *prime, CHECK_MPI_OK( mp_exptmod(&Y, &r, &p, &t) ); /* u = DH(R, x, p) = R ** x mod p */ CHECK_MPI_OK( mp_exptmod(&R, &x, &p, &u) ); /* w = (t + u) mod p */ CHECK_MPI_OK( mp_addmod(&t, &u, &p, &w) ); /* allocate a buffer for the full derived secret */ len = mp_unsigned_octet_size(&w); secret = PORT_Alloc(len); + if (!secret) { + err = MP_MEM; + goto cleanup; + } /* grab the secret */ err = mp_to_unsigned_octets(&w, secret, len); if (err > 0) err = MP_OKAY; /* allocate output buffer */ - SECITEM_AllocItem(NULL, derivedSecret, KEA_DERIVED_SECRET_LEN); + if (!SECITEM_AllocItem(NULL, derivedSecret, KEA_DERIVED_SECRET_LEN)) { + err = MP_MEM; + goto cleanup; + } memset(derivedSecret->data, 0, derivedSecret->len); /* copy in the 128 lsb of the secret */ if (len >= KEA_DERIVED_SECRET_LEN) { memcpy(derivedSecret->data, secret + (len - KEA_DERIVED_SECRET_LEN), KEA_DERIVED_SECRET_LEN); } else { offset = KEA_DERIVED_SECRET_LEN - len; memcpy(derivedSecret->data + offset, secret, len);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor