Fix potential overflows in two additional hash functions.

Thanks to Arjuna Arya for the report.

Fixes #9955.
This commit is contained in:
Kareem
2026-03-11 17:27:18 -07:00
parent 091016a149
commit d205fcac87
2 changed files with 9 additions and 1 deletions
+5
View File
@@ -1954,6 +1954,11 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
int _wc_Hash_Grow(byte** msg, word32* used, word32* len, const byte* in,
int inSz, void* heap)
{
word32 tmpSz = 0;
if (!WC_SAFE_SUM_WORD32(*used, inSz, tmpSz))
return BAD_FUNC_ARG;
if (*len < *used + inSz) {
if (*msg == NULL) {
*msg = (byte*)XMALLOC(*used + inSz, heap, DYNAMIC_TYPE_TMP_BUFFER);
+4 -1
View File
@@ -75,8 +75,11 @@ static int hashInit(wolfssl_TI_Hash *hash)
static int hashUpdate(wolfssl_TI_Hash *hash, const byte* data, word32 len)
{
void *p;
word32 tmpSz = 0;
if ((hash== NULL) || (data == NULL))return BAD_FUNC_ARG;
if ((hash== NULL) || (data == NULL) ||
!WC_SAFE_SUM_WORD32(hash->used, len, tmpSz))
return BAD_FUNC_ARG;
if (hash->len < hash->used+len) {
if (hash->msg == NULL) {