From 8977e246b6d7ae467cab008a49e0a9e3d84bc2a0 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Fri, 15 Dec 2023 13:35:14 +0100
Subject: [PATCH 18/20] CVE-2023-6918: kdf: Detect context init failures

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
 src/kdf.c | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/src/kdf.c b/src/kdf.c
index a8e534e5..6bc477ce 100644
--- a/src/kdf.c
+++ b/src/kdf.c
@@ -61,20 +61,32 @@ static ssh_mac_ctx ssh_mac_ctx_init(enum ssh_kdf_digest type)
     switch (type) {
     case SSH_KDF_SHA1:
         ctx->ctx.sha1_ctx = sha1_init();
+        if (ctx->ctx.sha1_ctx == NULL) {
+            goto err;
+        }
         return ctx;
     case SSH_KDF_SHA256:
         ctx->ctx.sha256_ctx = sha256_init();
+        if (ctx->ctx.sha256_ctx == NULL) {
+            goto err;
+        }
         return ctx;
     case SSH_KDF_SHA384:
         ctx->ctx.sha384_ctx = sha384_init();
+        if (ctx->ctx.sha384_ctx == NULL) {
+            goto err;
+        }
         return ctx;
     case SSH_KDF_SHA512:
         ctx->ctx.sha512_ctx = sha512_init();
+        if (ctx->ctx.sha512_ctx == NULL) {
+            goto err;
+        }
         return ctx;
-    default:
-        SAFE_FREE(ctx);
-        return NULL;
     }
+err:
+    SAFE_FREE(ctx);
+    return NULL;
 }
 
 static void ssh_mac_ctx_free(ssh_mac_ctx ctx)
-- 
2.33.0