Ensure se050Ctx->used does not overflow in se050_hash_update.

Thanks to Arjuna Arya for the report.

Fixes #9951.
This commit is contained in:
Kareem
2026-03-11 14:58:09 -07:00
parent a6195c30c1
commit 091016a149
+4 -2
View File
@@ -266,9 +266,11 @@ int se050_hash_copy(SE050_HASH_Context* src, SE050_HASH_Context* dst)
int se050_hash_update(SE050_HASH_Context* se050Ctx, const byte* data, word32 len)
{
byte* tmp = NULL;
byte* tmp = NULL;
word32 tmpSz = 0;
if (se050Ctx == NULL || (len > 0 && data == NULL)) {
if (se050Ctx == NULL || (len > 0 && data == NULL) ||
!WC_SAFE_SUM_WORD32(se050Ctx->used, len, tmpSz)) {
return BAD_FUNC_ARG;
}