Check HMAC_Init_ex() return value

2022-01-12 21:10:45 -06:00
parent 52f3dc6aa4
commit 05e8c0ede6
11 changed files with 125 additions and 65 deletions
--- a/kdc/httpkadmind.c
+++ b/kdc/httpkadmind.c
@@ -1740,15 +1740,22 @@ mac_csrf_token(kadmin_request_desc r, krb5_storage *sp)
            ret = krb5_enomem(r->context);
    /* HMAC the token body and the client principal name */
    if (ret == 0) {
-        HMAC_Init_ex(ctx, princ.key_data[i].key_data_contents[0], princ.key_data[i].key_data_length[0], EVP_sha256(), NULL);
-        HMAC_Update(ctx, data.data, data.length);
-        HMAC_Update(ctx, r->cname, strlen(r->cname));
-        HMAC_Final(ctx, mac, &maclen);
-        krb5_data_free(&data);
-        data.length = maclen;
-        data.data = mac;
-        if (krb5_storage_write(sp, mac, maclen) != maclen)
+        if (HMAC_Init_ex(ctx, princ.key_data[i].key_data_contents[0],
+                         princ.key_data[i].key_data_length[0], EVP_sha256(),
+                         NULL) == 0) {
+            HMAC_CTX_cleanup(ctx);
            ret = krb5_enomem(r->context);
+        } else {
+            HMAC_Update(ctx, data.data, data.length);
+            HMAC_Update(ctx, r->cname, strlen(r->cname));
+            HMAC_Final(ctx, mac, &maclen);
+            HMAC_CTX_cleanup(ctx);
+            krb5_data_free(&data);
+            data.length = maclen;
+            data.data = mac;
+            if (krb5_storage_write(sp, mac, maclen) != maclen)
+                ret = krb5_enomem(r->context);
+        }
    }
    krb5_free_principal(r->context, p);
    if (freeit)
--- a/kdc/kx509.c
+++ b/kdc/kx509.c
@@ -157,9 +157,11 @@ verify_req_hash(krb5_context context,
    }

    HMAC_CTX_init(&ctx);
-    HMAC_Init_ex(&ctx,
-                 key->keyvalue.data, key->keyvalue.length,
-                 EVP_sha1(), NULL);
+    if (HMAC_Init_ex(&ctx, key->keyvalue.data, key->keyvalue.length,
+                     EVP_sha1(), NULL) == 0) {
+        HMAC_CTX_cleanup(&ctx);
+        return krb5_enomem(context);
+    }
    if (sizeof(digest) != HMAC_size(&ctx))
        krb5_abortx(context, "runtime error, hmac buffer wrong size in kx509");
    HMAC_Update(&ctx, version_2_0, sizeof(version_2_0));
@@ -186,14 +188,17 @@ calculate_reply_hash(krb5_context context,
                     krb5_keyblock *key,
                     Kx509Response *rep)
 {
-    krb5_error_code ret;
+    krb5_error_code ret = 0;
    HMAC_CTX ctx;

    HMAC_CTX_init(&ctx);

-    HMAC_Init_ex(&ctx, key->keyvalue.data, key->keyvalue.length,
-                 EVP_sha1(), NULL);
-    ret = krb5_data_alloc(rep->hash, HMAC_size(&ctx));
+    if (HMAC_Init_ex(&ctx, key->keyvalue.data, key->keyvalue.length,
+                     EVP_sha1(), NULL) == 0)
+        ret = krb5_enomem(context);
+
+    if (ret == 0)
+        ret = krb5_data_alloc(rep->hash, HMAC_size(&ctx));
    if (ret) {
        HMAC_CTX_cleanup(&ctx);
        return krb5_enomem(context);