OSSForks/ladybird
1
0
Fork 0
mirror of https://github.com/zebrajr/ladybird.git synced 2025-12-06 00:19:53 +01:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

LibCrypto: Fix HMAC nullptr deref when key has length 0

Browse Source 
While a key of length zero seems like a bad idea in general, the WPT
tests end up calling exactly this, so we need to support it one way or
another.
This commit is contained in:
Ben Wiederhake 2024-10-21 00:43:38 +02:00 committed by Andrew Kaster
parent 85541f1e76
commit e1c3e212de
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Userland/Libraries/LibCrypto/Authentication/HMAC.h
View File

@ -93,7 +93,7 @@ private:
auto digest = m_inner_hasher.digest();
// FIXME: should we check if the hash function creates more data than its block size?
key_buffer.overwrite(0, digest.immutable_data(), m_inner_hasher.digest_size());
} else {
} else if (length > 0) {
key_buffer.overwrite(0, key, length);
}