Fix possible overflow of digest result writing

[openssl-gost/engine.git] / gost_omac.c

diff --git a/gost_omac.c b/gost_omac.c
index af6eb2a9e9e6e9cf2260754db5c7b147b2c912d8..d1f897a15c2227b8936e51625eeb73f818b433a3 100644 (file)
--- a/gost_omac.c
+++ b/gost_omac.c
@@ -7,6 +7,8 @@
 #include "e_gost_err.h"
 #include "gost_lcl.h"
 
+#define min(a,b) (((a) < (b)) ? (a) : (b))
+
 typedef struct omac_ctx {
        CMAC_CTX *cmac_ctx;
        size_t   dgst_size;
@@ -71,7 +73,8 @@ int omac_imit_final(EVP_MD_CTX *ctx, unsigned char *md)
 
                CMAC_Final(c->cmac_ctx, mac, &mac_size);
 
-    memcpy(md, mac, c->dgst_size);
+    int md_size = EVP_MD_meth_get_result_size(EVP_MD_CTX_md(ctx));
+    memcpy(md, mac, min(md_size, c->dgst_size));
     return 1;
 }