From 73505920a70e33977e84c69b4c3c598f683b7526 Mon Sep 17 00:00:00 2001 From: Ondrej Kos Date: Fri, 7 Sep 2012 10:47:03 +0200 Subject: Out-of-bounds read fix in hmac-sha-1 --- src/util/crypto/nss/nss_hmac_sha1.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/util/crypto/nss/nss_hmac_sha1.c b/src/util/crypto/nss/nss_hmac_sha1.c index 6faa09ae..7074fe76 100644 --- a/src/util/crypto/nss/nss_hmac_sha1.c +++ b/src/util/crypto/nss/nss_hmac_sha1.c @@ -63,7 +63,9 @@ int sss_hmac_sha1(const unsigned char *key, } else { /* keys shorter than blocksize are zero-padded */ memcpy(ikey, key, key_len); - memset(ikey + key_len, 0, HMAC_SHA1_BLOCKSIZE - key_len); + if (key_len != HMAC_SHA1_BLOCKSIZE) { + memset(ikey + key_len, 0, HMAC_SHA1_BLOCKSIZE - key_len); + } } /* HMAC(key, msg) = HASH(key XOR opad, HASH(key XOR ipad, msg)) */ -- cgit