43 lines
1.1 KiB
Diff
43 lines
1.1 KiB
Diff
From 155df31305bee839041a04247645ad066ada95ee Mon Sep 17 00:00:00 2001
|
|
From: Jakub Jelen <jjelen@redhat.com>
|
|
Date: Wed, 14 May 2025 14:07:58 +0200
|
|
Subject: [PATCH] CVE-2025-5372 libgcrypto: Simplify error checking and
|
|
handling of return codes in ssh_kdf()
|
|
|
|
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
|
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
---
|
|
src/libcrypto.c | 7 +++++--
|
|
1 file changed, 5 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/src/libcrypto.c b/src/libcrypto.c
|
|
index 3db75df6..88d93862 100644
|
|
--- a/src/libcrypto.c
|
|
+++ b/src/libcrypto.c
|
|
@@ -366,6 +366,7 @@ int ssh_kdf(struct ssh_crypto_struct *crypto,
|
|
int key_type, unsigned char *output,
|
|
size_t requested_len)
|
|
{
|
|
+ int ret = SSH_ERROR;
|
|
EVP_KDF_CTX *ctx = EVP_KDF_CTX_new_id(EVP_KDF_SSHKDF);
|
|
int rc;
|
|
|
|
@@ -401,10 +402,12 @@ int ssh_kdf(struct ssh_crypto_struct *crypto,
|
|
goto out;
|
|
}
|
|
|
|
+ ret = SSH_OK;
|
|
+
|
|
out:
|
|
EVP_KDF_CTX_free(ctx);
|
|
- if (rc < 0) {
|
|
- return rc;
|
|
+ if (ret < 0) {
|
|
+ return ret;
|
|
}
|
|
return 0;
|
|
}
|
|
--
|
|
2.51.0
|
|
|