| author | Daniel P. Berrangé <berrange@redhat.com> | 2024-10-15 13:25:36 +0100 |
|---|---|---|
| committer | Daniel P. Berrangé <berrange@redhat.com> | 2024-10-22 11:44:23 +0100 |
| commit | dde538c9a76f328a92c532893e97e18785d57364 (patch) | |
| tree | 9672a4c5ebf610bfe20731adaba59df44c2c91ae /crypto/hash-gcrypt.c | |
| parent | b5b89e9bc6a20677ff59e5049ba6b89a68105b5e (diff) | |
crypto/hash: avoid overwriting user supplied result pointer
If the user provides a pre-allocated buffer for the hash result, we must use that rather than re-allocating a new buffer. Reported-by: Dorjoy Chowdhury <dorjoychy111@gmail.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Diffstat (limited to 'crypto/hash-gcrypt.c')
| -rw-r--r-- | crypto/hash-gcrypt.c | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/crypto/hash-gcrypt.c b/crypto/hash-gcrypt.c
index ccc3cce3f8..73533a4949 100644
--- a/crypto/hash-gcrypt.c
+++ b/crypto/hash-gcrypt.c
@@ -103,16 +103,25 @@ int qcrypto_gcrypt_hash_finalize(QCryptoHash *hash,
 size_t *result_len,
 Error **errp)
 {
+ int ret;
 unsigned char *digest;
 gcry_md_hd_t *ctx = hash->opaque;
- *result_len = gcry_md_get_algo_dlen(qcrypto_hash_alg_map[hash->alg]);
- if (*result_len == 0) {
+ ret = gcry_md_get_algo_dlen(qcrypto_hash_alg_map[hash->alg]);
+ if (ret == 0) {
 error_setg(errp, "Unable to get hash length");
 return -1;
 }
- *result = g_new(uint8_t, *result_len);
+ if (*result_len == 0) {
+ *result_len = ret;
+ *result = g_new(uint8_t, *result_len);
+ } else if (*result_len != ret) {
+ error_setg(errp,
+ "Result buffer size %zu is smaller than hash %d",
+ *result_len, ret);
+ return -1;
+ }
 /* Digest is freed by gcry_md_close(), copy it */
 digest = gcry_md_read(*ctx, 0); |
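Review bot: The new branch chooses between allocating and reusing the caller's buffer from `*result_len == 0` alone and never inspects `*result`, so a caller that leaves `*result_len` uninitialised, or sets it to the digest length while `*result` is NULL or stale, would have the digest copied through a pointer this function never validated (the copy is below the hunk, so this is inferred from the `/* Digest is freed by gcry_md_close(), copy it */` comment). That in/out contract deserves a comment above the branch, for example `/* *result_len == 0: allocate *result here; otherwise *result must point to *result_len bytes */`, and ideally a `*result == NULL` rejection on the reuse path. Separately, the condition is `*result_len != ret` while the message says "smaller than", so an oversized buffer is refused with a misleading error; `"Result buffer size %zu does not match hash size %d"` would agree with the check. `gcry_md_get_algo_dlen()` returns `unsigned int`, so declaring `ret` unsigned would also avoid the signed-versus-`size_t` comparison. The function body starts and ends outside the hunk.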