ITS#10224 libldap: check for OpenSSL EVP_Digest* failure

2026-02-18 18:18:06 -05:00 · 2024-06-07 15:33:04 +01:00 · 2024-06-07 15:33:04 +01:00 · bee6e76cd9
commit bee6e76cd9
parent 07dc2133c9
1 changed files with 8 additions and 4 deletions
--- a/libraries/libldap/tls_o.c
+++ b/libraries/libldap/tls_o.c
@ -1170,15 +1170,19 @@ tlso_session_pinning( LDAP *ld, tls_session *sess, char *hashalg, struct berval
 			goto done;
 		}

-		EVP_DigestInit_ex( mdctx, md, NULL );
-		EVP_DigestUpdate( mdctx, key.bv_val, key.bv_len );
-		EVP_DigestFinal_ex( mdctx, (unsigned char *)keyhash.bv_val, &len );
-		keyhash.bv_len = len;
+		if ( EVP_DigestInit_ex( mdctx, md, NULL ) &&
+			EVP_DigestUpdate( mdctx, key.bv_val, key.bv_len ) &&
+			EVP_DigestFinal_ex( mdctx, (unsigned char *)keyhash.bv_val, &len ))
+			keyhash.bv_len = len;
+		else
+			rc = -1;
 #if OPENSSL_VERSION_NUMBER >= 0x10100000
 		EVP_MD_CTX_free( mdctx );
 #else
 		EVP_MD_CTX_destroy( mdctx );
 #endif
+		if ( rc )
+			goto done;
 	} else {
 		keyhash = key;
 	}