Fixed heap-buffer-overflow in crypto.createHmac().

author Dmitry Volyntsev <xeioex@nginx.com>

Wed, 13 Jun 2018 16:38:47 +0000 (19:38 +0300)

committer Dmitry Volyntsev <xeioex@nginx.com>

Wed, 13 Jun 2018 16:38:47 +0000 (19:38 +0300)
author Dmitry Volyntsev <xeioex@nginx.com>
Wed, 13 Jun 2018 16:38:47 +0000 (19:38 +0300)
committer Dmitry Volyntsev <xeioex@nginx.com>
Wed, 13 Jun 2018 16:38:47 +0000 (19:38 +0300)
diff --git a/njs/njs_crypto.c b/njs/njs_crypto.c

index 0946fb2200b77dff9abe34cd07b9ffe6f58c927e..de075708c7d828d389e988da92dc05bf228df8c2 100644 (file)
--- a/njs/njs_crypto.c
+++ b/njs/njs_crypto.c
@@ -417,7 +417,7 @@ njs_crypto_create_hmac(njs_vm_t *vm, njs_value_t *args, nxt_uint_t nargs,
  
      ctx->alg = alg;
  
-    if (key.length > 64) {
+    if (key.length > sizeof(key_buf)) {
          alg->init(&ctx->u);
          alg->update(&ctx->u, key.start, key.length);
          alg->final(digest, &ctx->u);
@@ -426,7 +426,7 @@ njs_crypto_create_hmac(njs_vm_t *vm, njs_value_t *args, nxt_uint_t nargs,
          memset(key_buf + alg->size, 0, sizeof(key_buf) - alg->size);
  
      } else {
-        memcpy(key_buf, key.start, sizeof(key_buf));
+        memcpy(key_buf, key.start, key.length);
          memset(key_buf + key.length, 0, sizeof(key_buf) - key.length);
      }
author	Dmitry Volyntsev <xeioex@nginx.com>
	Wed, 13 Jun 2018 16:38:47 +0000 (19:38 +0300)
committer	Dmitry Volyntsev <xeioex@nginx.com>
	Wed, 13 Jun 2018 16:38:47 +0000 (19:38 +0300)