upstream commit

Validate digest arg in ssh_digest_final; from jjelen at redhat.com via bz#2687, ok djm@ Upstream-ID: dbe5494dfddfe523fab341a3dab5a79e7338f878
author: dtucker@openbsd.org <dtucker@openbsd.org> 2017-03-10 03:59:51 +0100
committer: Darren Tucker <dtucker@zip.com.au> 2017-03-10 05:23:17 +0100
commit: 4a4b75adac862029a1064577eb5af299b1580cdd (patch)
tree: 97ef3deb8f9ccf0a9c6009baa7a0ddf5edf9fee7 /digest-openssl.c
parent: Check for NULL from malloc. (diff)
download: openssh-4a4b75adac862029a1064577eb5af299b1580cdd.tar.xz
openssh-4a4b75adac862029a1064577eb5af299b1580cdd.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/digest-openssl.c b/digest-openssl.c
index 13b63c2f0..c55ceb93f 100644
--- a/digest-openssl.c
+++ b/digest-openssl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: digest-openssl.c,v 1.5 2014/12/21 22:27:56 djm Exp $ */
+/* $OpenBSD: digest-openssl.c,v 1.6 2017/03/10 02:59:51 dtucker Exp $ */
 /*
  * Copyright (c) 2013 Damien Miller <djm@mindrot.org>
  *
@@ -158,7 +158,7 @@ ssh_digest_final(struct ssh_digest_ctx *ctx, u_char *d, size_t dlen)
 	const struct ssh_digest *digest = ssh_digest_by_alg(ctx->alg);
 	u_int l = dlen;
 
-	if (dlen > UINT_MAX)
+	if (digest == NULL || dlen > UINT_MAX)
 		return SSH_ERR_INVALID_ARGUMENT;
 	if (dlen < digest->digest_len) /* No truncation allowed */
 		return SSH_ERR_INVALID_ARGUMENT;
author	dtucker@openbsd.org <dtucker@openbsd.org>	2017-03-10 03:59:51 +0100
committer	Darren Tucker <dtucker@zip.com.au>	2017-03-10 05:23:17 +0100
commit	4a4b75adac862029a1064577eb5af299b1580cdd (patch)
tree	97ef3deb8f9ccf0a9c6009baa7a0ddf5edf9fee7 /digest-openssl.c
parent	Check for NULL from malloc. (diff)
download	openssh-4a4b75adac862029a1064577eb5af299b1580cdd.tar.xz openssh-4a4b75adac862029a1064577eb5af299b1580cdd.zip