A memset() with a zero length argument isn't well defined. It *might* be
a no-op, but then it might not. So, test for this case in
hmac_sha256_init().
Found by Coverity.
Signed-off-by: David Gibson <da...@gibson.dropbear.id.au>
---
ccan/crypto/hmac_sha256/hmac_sha256.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/ccan/crypto/hmac_sha256/hmac_sha256.c
b/ccan/crypto/hmac_sha256/hmac_sha256.c
index 0392afe..70ca3b2 100644
--- a/ccan/crypto/hmac_sha256/hmac_sha256.c
+++ b/ccan/crypto/hmac_sha256/hmac_sha256.c
@@ -36,7 +36,9 @@ void hmac_sha256_init(struct hmac_sha256_ctx *ctx,
* appended with 44 zero bytes 0x00)
*/
memcpy(k_ipad, k, ksize);
- memset((char *)k_ipad + ksize, 0, HMAC_SHA256_BLOCKSIZE - ksize);
+ if (ksize < HMAC_SHA256_BLOCKSIZE)
+ memset((char *)k_ipad + ksize, 0,
+ HMAC_SHA256_BLOCKSIZE - ksize);
/*
* (2) XOR (bitwise exclusive-OR) the B byte string computed
--
2.9.3
_______________________________________________
ccan mailing list
ccan@lists.ozlabs.org
https://lists.ozlabs.org/listinfo/ccan
