romenskiy2012/curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-04-14 22:11:45 +03:00
Code Issues Projects Releases Packages Wiki Activity

lib: accept larger input to md5/hmac/sha256/sha512 functions

Browse source 
Avoid unchecked data conversions from size_t to unsigned int.

Reported-by: James Fuller
Closes #21174
This commit is contained in:
Daniel Stenberg 2026-03-31 11:22:34 +02:00
parent 1570091f10
commit dd7fcd581f
No known key found for this signature in database
GPG key ID: 5CC908FDB71E12C2
7 changed files with 41 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

22
lib/hmac.c
View file

@ -98,13 +98,12 @@ fail:
return NULL;
}
int Curl_HMAC_update(struct HMAC_context *ctxt,
const unsigned char *data,
unsigned int len)
void Curl_HMAC_update(struct HMAC_context *ctxt,
const unsigned char *data,
unsigned int len)
{
/* Update first hash calculation. */
ctxt->hash->hupdate(ctxt->hashctxt1, data, len);
return 0;
}
int Curl_HMAC_final(struct HMAC_context *ctxt, unsigned char *output)
@ -143,17 +142,24 @@ int Curl_HMAC_final(struct HMAC_context *ctxt, unsigned char *output)
*/
CURLcode Curl_hmacit(const struct HMAC_params *hashparams,
const unsigned char *key, const size_t keylen,
const unsigned char *data, const size_t datalen,
const unsigned char *data, size_t datalen,
unsigned char *output)
{
struct HMAC_context *ctxt =
Curl_HMAC_init(hashparams, key, curlx_uztoui(keylen));
struct HMAC_context *ctxt;
if(keylen > UINT_MAX) /* unlikely to ever happen */
return CURLE_BAD_FUNCTION_ARGUMENT;
ctxt = Curl_HMAC_init(hashparams, key, curlx_uztoui(keylen));
if(!ctxt)
return CURLE_OUT_OF_MEMORY;
/* Update the digest with the given challenge */
Curl_HMAC_update(ctxt, data, curlx_uztoui(datalen));
do {
unsigned int ilen = (unsigned int) CURLMIN(datalen, UINT_MAX);
Curl_HMAC_update(ctxt, data, ilen);
datalen -= ilen;
data += ilen;
} while(datalen);
/* Finalise the digest */
Curl_HMAC_final(ctxt, output);