From 70419e303b6e46d50f1a2a6e68b5aac77936178c Mon Sep 17 00:00:00 2001 From: tb Date: Wed, 5 Jan 2022 16:41:42 +0000 Subject: [PATCH] Add error checking for EVP_Digest* to snmpd(8). ok martijn --- usr.sbin/snmpd/usm.c | 27 ++++++++++++++++++++------- 1 file changed, 20 insertions(+), 7 deletions(-) diff --git a/usr.sbin/snmpd/usm.c b/usr.sbin/snmpd/usm.c index 40356c88d59..d9129c7116e 100644 --- a/usr.sbin/snmpd/usm.c +++ b/usr.sbin/snmpd/usm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: usm.c,v 1.22 2022/01/05 11:00:49 tb Exp $ */ +/* $OpenBSD: usm.c,v 1.23 2022/01/05 16:41:42 tb Exp $ */ /* * Copyright (c) 2012 GeNUA mbH @@ -720,7 +720,10 @@ usm_passwd2key(const EVP_MD *md, char *passwd, int *maxlen) if ((ctx = EVP_MD_CTX_new()) == NULL) return NULL; - EVP_DigestInit(ctx, md); + if (!EVP_DigestInit(ctx, md)) { + EVP_MD_CTX_free(ctx); + return NULL; + } pw = (u_char *)passwd; for (count = 0; count < 1048576; count += 64) { c = pwbuf; @@ -729,9 +732,15 @@ usm_passwd2key(const EVP_MD *md, char *passwd, int *maxlen) pw = (u_char *)passwd; *c++ = *pw++; } - EVP_DigestUpdate(ctx, pwbuf, 64); + if (!EVP_DigestUpdate(ctx, pwbuf, 64)) { + EVP_MD_CTX_free(ctx); + return NULL; + } + } + if (!EVP_DigestFinal(ctx, keybuf, &dlen)) { + EVP_MD_CTX_free(ctx); + return NULL; } - EVP_DigestFinal(ctx, keybuf, &dlen); EVP_MD_CTX_reset(ctx); /* Localize the key */ @@ -743,9 +752,13 @@ usm_passwd2key(const EVP_MD *md, char *passwd, int *maxlen) snmpd_env->sc_engineid_len); memcpy(pwbuf + dlen + snmpd_env->sc_engineid_len, keybuf, dlen); - EVP_DigestInit(ctx, md); - EVP_DigestUpdate(ctx, pwbuf, 2 * dlen + snmpd_env->sc_engineid_len); - EVP_DigestFinal(ctx, keybuf, &dlen); + if (!EVP_DigestInit(ctx, md) || + !EVP_DigestUpdate(ctx, pwbuf, + 2 * dlen + snmpd_env->sc_engineid_len) || + !EVP_DigestFinal(ctx, keybuf, &dlen)) { + EVP_MD_CTX_free(ctx); + return NULL; + } EVP_MD_CTX_free(ctx); if (*maxlen > 0 && dlen > (unsigned)*maxlen) -- 2.20.1