[njs] Fixed heap-buffer-overflow in crypto.createHmac().
Dmitry Volyntsev
xeioex at nginx.com
Fri Jun 15 14:05:59 UTC 2018
details: http://hg.nginx.org/njs/rev/e99e0a7f4fae
branches:
changeset: 536:e99e0a7f4fae
user: Dmitry Volyntsev <xeioex at nginx.com>
date: Wed Jun 13 19:38:47 2018 +0300
description:
Fixed heap-buffer-overflow in crypto.createHmac().
diffstat:
njs/njs_crypto.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diffs (21 lines):
diff -r c939541c37bc -r e99e0a7f4fae njs/njs_crypto.c
--- a/njs/njs_crypto.c Wed Jun 13 14:15:43 2018 +0300
+++ b/njs/njs_crypto.c Wed Jun 13 19:38:47 2018 +0300
@@ -417,7 +417,7 @@ njs_crypto_create_hmac(njs_vm_t *vm, njs
ctx->alg = alg;
- if (key.length > 64) {
+ if (key.length > sizeof(key_buf)) {
alg->init(&ctx->u);
alg->update(&ctx->u, key.start, key.length);
alg->final(digest, &ctx->u);
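Review bot: The new threshold `key.length > sizeof(key_buf)` is only correct while `key_buf` is exactly one hash block long, because RFC 2104 hashes keys longer than the block size first. The declaration of `key_buf` is outside this hunk, so its size is presumably 64, matching the old literal. That fits MD5, SHA-1 and SHA-256, but not a 128-byte-block hash such as SHA-512 if one is ever supported here. I would add a comment above the condition, `/* RFC 2104: keys longer than the block size (sizeof(key_buf)) are replaced by their digest. */`, and ideally a compile-time check next to the declaration that ties the buffer size to the block size.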
@@ -426,7 +426,7 @@ njs_crypto_create_hmac(njs_vm_t *vm, njs
memset(key_buf + alg->size, 0, sizeof(key_buf) - alg->size);
} else {
- memcpy(key_buf, key.start, sizeof(key_buf));
+ memcpy(key_buf, key.start, key.length);
memset(key_buf + key.length, 0, sizeof(key_buf) - key.length);
}
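Review bot: Both calls in the else branch rely on `key.length <= sizeof(key_buf)`, which is established only by the condition in the previous hunk. If that condition ever drifts, `sizeof(key_buf) - key.length` wraps as an unsigned value and the memset writes far past the buffer. A comment on the branch would make the dependency explicit, e.g. `/* key.length <= sizeof(key_buf) here: copy the key and zero-pad to the block size. */`. The diffstat shows only njs_crypto.c changed, so no regression test accompanies the fix; a short-key HMAC case run under AddressSanitizer would pin the over-read caused by the old `memcpy(key_buf, key.start, sizeof(key_buf))`. The function body starts and ends outside the hunk.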