Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Bug 1431940 - remove dereference before NULL check in BLAKE2B code. r…
…=kjacobs

Differential Revision: https://phabricator.services.mozilla.com/D62676

--HG--
extra : moz-landing-system : lando
  • Loading branch information
lumag committed Feb 14, 2020
1 parent 0c8ff00 commit 572234f
Show file tree
Hide file tree
Showing 2 changed files with 18 additions and 8 deletions.
12 changes: 12 additions & 0 deletions gtests/freebl_gtest/blake2b_unittest.cc
Expand Up @@ -113,6 +113,18 @@ TEST_F(Blake2BTests, ContextTest2) {
<< "BLAKE2B_End failed!";
}

TEST_F(Blake2BTests, NullContextTest) {
SECStatus rv = BLAKE2B_Begin(nullptr);
ASSERT_EQ(SECFailure, rv);

rv = BLAKE2B_Update(nullptr, kat_data.data(), 128);
ASSERT_EQ(SECFailure, rv);

std::vector<uint8_t> digest(BLAKE2B512_LENGTH);
rv = BLAKE2B_End(nullptr, digest.data(), nullptr, BLAKE2B512_LENGTH);
ASSERT_EQ(SECFailure, rv);
}

TEST_F(Blake2BTests, CloneTest) {
ScopedBLAKE2BContext ctx(BLAKE2B_NewContext());
ScopedBLAKE2BContext cloned_ctx(BLAKE2B_NewContext());
Expand Down
14 changes: 6 additions & 8 deletions lib/freebl/blake2b.c
Expand Up @@ -147,9 +147,8 @@ static SECStatus
blake2b_Begin(BLAKE2BContext* ctx, uint8_t outlen, const uint8_t* key,
size_t keylen)
{
PORT_Assert(ctx != NULL);
if (!ctx) {
goto failure;
goto failure_noclean;
}
if (outlen == 0 || outlen > BLAKE2B512_LENGTH) {
goto failure;
Expand Down Expand Up @@ -181,6 +180,7 @@ blake2b_Begin(BLAKE2BContext* ctx, uint8_t outlen, const uint8_t* key,

failure:
PORT_Memset(ctx, 0, sizeof(*ctx));
failure_noclean:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
Expand Down Expand Up @@ -218,17 +218,11 @@ SECStatus
BLAKE2B_Update(BLAKE2BContext* ctx, const unsigned char* in,
unsigned int inlen)
{
size_t left = ctx->buflen;
size_t fill = BLAKE2B_BLOCK_LENGTH - left;

/* Nothing to do if there's nothing. */
if (inlen == 0) {
return SECSuccess;
}

PORT_Assert(ctx != NULL);
PORT_Assert(in != NULL);
PORT_Assert(left <= BLAKE2B_BLOCK_LENGTH);
if (!ctx || !in) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
Expand All @@ -240,6 +234,10 @@ BLAKE2B_Update(BLAKE2BContext* ctx, const unsigned char* in,
return SECFailure;
}

size_t left = ctx->buflen;
PORT_Assert(left <= BLAKE2B_BLOCK_LENGTH);
size_t fill = BLAKE2B_BLOCK_LENGTH - left;

if (inlen > fill) {
if (ctx->buflen) {
/* There's some remaining data in ctx->buf that we have to prepend
Expand Down

0 comments on commit 572234f

Please sign in to comment.