apps/rehash.c: Add the check for the EVP_MD_get_size()

Add the check for the return value of EVP_MD_get_size() to avoid invalid negative numbers and then explicitly cast from int to size_t. Add the check to prevent that EVP_MD_get_size() returns a value greater than EVP_MAX_MD_SIZE. Signed-off-by: Jiasheng Jiang <jiashengjiangcool@outlook.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24802)
2024-07-05 18:05:35 +00:00 · 2024-07-05 18:05:35 +00:00 · 45cada1339
commit 45cada1339
parent eaf577c865
1 changed files with 5 additions and 2 deletions
--- a/apps/rehash.c
+++ b/apps/rehash.c
@ -140,7 +140,7 @@ static int add_entry(enum Type type, unsigned int hash, const char *filename,
    }

    for (ep = bp->first_entry; ep; ep = ep->next) {
-        if (digest && memcmp(digest, ep->digest, evpmdsize) == 0) {
+        if (digest && memcmp(digest, ep->digest, (size_t)evpmdsize) == 0) {
            BIO_printf(bio_err,
                       "%s: warning: skipping duplicate %s in %s\n",
                       opt_getprog(),
@ -183,7 +183,7 @@ static int add_entry(enum Type type, unsigned int hash, const char *filename,
    if (need_symlink && !ep->need_symlink) {
        ep->need_symlink = 1;
        bp->num_needed++;
-        memcpy(ep->digest, digest, evpmdsize);
+        memcpy(ep->digest, digest, (size_t)evpmdsize);
    }
    return 0;
 }
@ -553,6 +553,9 @@ int rehash_main(int argc, char **argv)
    evpmd = EVP_sha1();
    evpmdsize = EVP_MD_get_size(evpmd);

+    if (evpmdsize <= 0 || evpmdsize > EVP_MAX_MD_SIZE)
+        goto end;
+
    if (*argv != NULL) {
        while (*argv != NULL)
            errs += do_dir(*argv++, h);