git-market/curl-curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-04-11 12:01:42 +08:00
Code Issues Actions 14 Packages Projects Releases Wiki Activity

hmac: free memory properly on errors

Browse Source 
If one of the hmac init calls fail, Curl_HMAC_init previously would
return without first freeing the allocated HMAC_context.

Fixes #19176
Reported-by: WangDaLei on github
Closes #19177
This commit is contained in:
Daniel Stenberg 2025-10-21 13:33:18 +02:00
parent 38c19edd67
commit 76d2852550
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
lib/hmac.c
View File

@ -74,7 +74,7 @@ Curl_HMAC_init(const struct HMAC_params *hashparams,
/* If the key is too long, replace it by its hash digest. */
if(keylen > hashparams->maxkeylen) {
if(hashparams->hinit(ctxt->hashctxt1))
return NULL;
goto fail;
hashparams->hupdate(ctxt->hashctxt1, key, keylen);
hkey = (unsigned char *) ctxt->hashctxt2 + hashparams->ctxtsize;
hashparams->hfinal(hkey, ctxt->hashctxt1);
@ -85,7 +85,7 @@ Curl_HMAC_init(const struct HMAC_params *hashparams,
/* Prime the two hash contexts with the modified key. */
if(hashparams->hinit(ctxt->hashctxt1) ||
hashparams->hinit(ctxt->hashctxt2))
return NULL;
goto fail;
for(i = 0; i < keylen; i++) {
b = (unsigned char)(*key ^ hmac_ipad);
@ -101,6 +101,10 @@ Curl_HMAC_init(const struct HMAC_params *hashparams,
/* Done, return pointer to HMAC context. */
return ctxt;
fail:
free(ctxt);
return NULL;
}
int Curl_HMAC_update(struct HMAC_context *ctxt,