rpms/cjose
7
0
Fork 0
Code Issues Pull Requests Releases Activity
stream-mod_auth_openidc-2.3-rhel-8.10.0
cjose/0002-check-cjose_get_alloc.patch
Tomas Halman e02a34a658 Random memory override 
Resolves: rhbz#2072469
2023-03-17 14:47:04 +01:00

26 lines
814 B
Diff
Raw Permalink Blame History

commit 54d449473b21e93805070264791e80f84f601b4d
Author: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
Date: Tue Apr 5 20:51:20 2022 +0200
check result of cek = cjose_get_alloc()(cek_len) in jwe.c
see: https://github.com/cisco/cjose/issues/110
Signed-off-by: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
diff --git a/src/jwe.c b/src/jwe.c
index 4285097..157ddec 100644
--- a/src/jwe.c
+++ b/src/jwe.c
@@ -2064,6 +2064,10 @@ uint8_t *cjose_jwe_decrypt_multi(cjose_jwe_t *jwe, cjose_key_locator key_locator
{
cek_len = jwe->cek_len;
cek = cjose_get_alloc()(cek_len);
+ if (!cek) {
+ CJOSE_ERROR(err, CJOSE_ERR_NO_MEMORY);
+ return NULL;
+ }
memcpy(cek, jwe->cek, cek_len);
}
else
Reference in New Issue View Git Blame Copy Permalink