From b42e9a19a3b72303551158d08b4efdb14ffc387a Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@cryptomilk.org>
Date: Wed, 13 Jul 2022 16:17:47 +0200
Subject: [PATCH] packet: Check hmac return codes in ssh_packet_hmac_verify()

CID #1490530

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
---
 src/packet_crypt.c | 28 +++++++++++++++++++---------
 1 file changed, 19 insertions(+), 9 deletions(-)

diff --git a/src/packet_crypt.c b/src/packet_crypt.c
index 3d8bb112..fe3f489e 100644
--- a/src/packet_crypt.c
+++ b/src/packet_crypt.c
@@ -266,6 +266,7 @@ int ssh_packet_hmac_verify(ssh_session session,
     size_t hmaclen = DIGEST_MAX_LEN;
     uint32_t seq;
     int cmp;
+    int rc;
 
     /* AEAD types have no mac checking */
     if (type == SSH_HMAC_AEAD_POLY1305 ||
@@ -288,15 +289,24 @@ int ssh_packet_hmac_verify(ssh_session session,
 
     seq = htonl(session->recv_seq);
 
-    hmac_update(ctx,
-                (unsigned char *)&seq,
-                sizeof(uint32_t));
-    hmac_update(ctx,
-                data,
-                len);
-    hmac_final(ctx,
-               hmacbuf,
-               &hmaclen);
+    rc = hmac_update(ctx,
+                     (unsigned char *) &seq,
+                     sizeof(uint32_t));
+    if (rc != 1) {
+        return SSH_ERROR;
+    }
+    rc = hmac_update(ctx,
+                     data,
+                     len);
+    if (rc != 1) {
+        return SSH_ERROR;
+    }
+    rc = hmac_final(ctx,
+                    hmacbuf,
+                    &hmaclen);
+    if (rc != 1) {
+        return SSH_ERROR;
+    }
 
 #ifdef DEBUG_CRYPTO
     ssh_log_hexdump("received mac",