From 45fd04ee721179d17044f3843361a6ff3bf3b409 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Helleu?= Date: Sat, 29 Feb 2020 11:19:15 +0100 Subject: [PATCH] core: return 0 in case of invalid parameters received in function secure_derive_key --- src/core/wee-secure.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/core/wee-secure.c b/src/core/wee-secure.c index 18a8ee52b..064f080bb 100644 --- a/src/core/wee-secure.c +++ b/src/core/wee-secure.c @@ -179,6 +179,9 @@ secure_derive_key (const char *salt, const char *passphrase, int length, length_hash; gcry_md_hd_t hd_md; + if (!salt || !passphrase || !key || (length_key < 1)) + return 0; + memset (key, 0, length_key); length = SECURE_SALT_SIZE + strlen (passphrase);