From: tb Date: Thu, 1 Jun 2023 02:34:23 +0000 (+0000) Subject: Avoid a potentially overflowing check X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=40d1347d0a5d08ba3c6fc8c4d67873541e164d3d;p=openbsd Avoid a potentially overflowing check This doesn't actually overflow, but still is poor style. Speaking of which: this is now the second time I get to fix something reported by Nicky Mouha by way of a blog post. The first time was the actual SHA-3 buffer overflow in Python where it is not entirely clear who screwed up and how. Hopefully next time proper communication will happen and work. ok jsing --- diff --git a/lib/libcrypto/hkdf/hkdf.c b/lib/libcrypto/hkdf/hkdf.c index 47ad4ec131b..9e0e2063246 100644 --- a/lib/libcrypto/hkdf/hkdf.c +++ b/lib/libcrypto/hkdf/hkdf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: hkdf.c,v 1.8 2022/11/26 16:08:53 tb Exp $ */ +/* $OpenBSD: hkdf.c,v 1.9 2023/06/01 02:34:23 tb Exp $ */ /* Copyright (c) 2014, Google Inc. * * Permission to use, copy, modify, and/or distribute this software for any @@ -102,7 +102,7 @@ HKDF_expand(uint8_t *out_key, size_t out_len, goto out; todo = digest_len; - if (done + todo > out_len) + if (todo > out_len - done) todo = out_len - done; memcpy(out_key + done, previous, todo);