commit | 47b2fefb03122e49375a252698c857e477c8cf35 | [log] [tgz] |
---|---|---|
author | Nicky Mouha <nmouha@gmail.com> | Wed May 17 18:07:00 2023 -0400 |
committer | David Benjamin <davidben@google.com> | Thu May 18 23:05:56 2023 +0000 |
tree | 5d99a0c6a6ed3dd0f2df4e270357ac4d8948519f | |
parent | dd5219451c3ce26221762a15d867edf43b463bb2 [diff] |
Update hkdf.c to avoid potentially vulnerable code pattern. Change-Id: I190fcdb0b9667b0ac6f490b36edc63237af7fffb Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/59905 Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/crypto/fipsmodule/hkdf/hkdf.c b/crypto/fipsmodule/hkdf/hkdf.c index fa1cc72..c2ebce8 100644 --- a/crypto/fipsmodule/hkdf/hkdf.c +++ b/crypto/fipsmodule/hkdf/hkdf.c
@@ -94,7 +94,7 @@ } todo = digest_len; - if (done + todo > out_len) { + if (todo > out_len - done) { todo = out_len - done; } OPENSSL_memcpy(out_key + done, previous, todo);