[njs] Fixed heap-buffer-overflow in crypto.createHmac().

Dmitry Volyntsev xeioex at nginx.com
Fri Jun 15 14:05:59 UTC 2018


details:   http://hg.nginx.org/njs/rev/e99e0a7f4fae
branches:  
changeset: 536:e99e0a7f4fae
user:      Dmitry Volyntsev <xeioex at nginx.com>
date:      Wed Jun 13 19:38:47 2018 +0300
description:
Fixed heap-buffer-overflow in crypto.createHmac().

diffstat:

 njs/njs_crypto.c |  4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diffs (21 lines):

diff -r c939541c37bc -r e99e0a7f4fae njs/njs_crypto.c
--- a/njs/njs_crypto.c	Wed Jun 13 14:15:43 2018 +0300
+++ b/njs/njs_crypto.c	Wed Jun 13 19:38:47 2018 +0300
@@ -417,7 +417,7 @@ njs_crypto_create_hmac(njs_vm_t *vm, njs
 
     ctx->alg = alg;
 
-    if (key.length > 64) {
+    if (key.length > sizeof(key_buf)) {
         alg->init(&ctx->u);
         alg->update(&ctx->u, key.start, key.length);
         alg->final(digest, &ctx->u);
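Review bot: `sizeof(key_buf)` in the new condition now doubles as the HMAC block size, but nothing in this hunk ties the buffer's size to the block size of the selected `alg`. The declaration of `key_buf` is outside the hunk; if it is a 64-byte array, the threshold matches MD5, SHA-1 and SHA-256, while a hash with a 128-byte block would hash keys at the wrong length without any error. `sizeof` also yields the capacity only while `key_buf` stays a true array rather than a pointer. I would document this at the declaration, for example `/* HMAC block size: 64 bytes for every supported hash; must be an array */`, or replace the bare size with a named block-size constant.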
@@ -426,7 +426,7 @@ njs_crypto_create_hmac(njs_vm_t *vm, njs
         memset(key_buf + alg->size, 0, sizeof(key_buf) - alg->size);
 
     } else {
-        memcpy(key_buf, key.start, sizeof(key_buf));
+        memcpy(key_buf, key.start, key.length);
         memset(key_buf + key.length, 0, sizeof(key_buf) - key.length);
     }
 
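Review bot: The long-key branch's `memset(key_buf + alg->size, 0, sizeof(key_buf) - alg->size)` still relies on `alg->size` never exceeding the buffer. The subtraction is done in `size_t`, so a larger digest would wrap to a huge length. No such check is visible in these hunks, though the function body continues outside them, so I would state the invariant next to the digest copy with `/* alg->size must not exceed sizeof(key_buf) */` and back it with an explicit check. The defect fixed here was a read past the end of the caller's key when the key is shorter than the buffer, which ordinary test runs will not notice. Since the diffstat shows only `njs_crypto.c` changing, a short-key HMAC case run under a sanitizer build would be worth adding as a regression test.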

