From fd732550d8ae83cbe17e83e366175227914ea64c Mon Sep 17 00:00:00 2001
From: Markus Triska
Date: Mon, 18 May 2020 13:21:20 +0200
Subject: [PATCH] crypto_data_hkdf/4: Fail if the length is too long.

Due to the way the counter is constructed in the HKDF specification, the requested output length can be at most 255 times the size of the digest algorithm's output. Reported by @notoria in #527. Many thanks!
---
 src/prolog/machine/system_calls.rs | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/prolog/machine/system_calls.rs b/src/prolog/machine/system_calls.rs
index 17d456ed..c71fc5ba 100644
--- a/src/prolog/machine/system_calls.rs
+++ b/src/prolog/machine/system_calls.rs
@@ -5266,7 +5266,10 @@ impl MachineState {
 let salt = hkdf::Salt::new(digest_alg, &salt);
 let mut bytes : Vec = Vec::new();
 bytes.resize(length, 0);
- salt.extract(&data).expand(&[&info[..]], MyKey(length)).unwrap().fill(&mut bytes).unwrap();
+ match salt.extract(&data).expand(&[&info[..]], MyKey(length)) {
+ Ok(r) => { r.fill(&mut bytes).unwrap(); }
+ _ => { self.fail = true; return Ok(()); }
+ }
 Addr::HeapCell(self.heap.to_list(bytes.iter().map(|b| HeapCellValue::Integer(Rc::new(Integer::from(*b))))))
 };
-- 
2.54.0
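Review bot: `bytes.resize(length, 0)` still runs before `expand` has validated the length, so an oversized request (presumably the caller-supplied length argument of crypto_data_hkdf/4) is allocated and zero-filled before the new failure arm rejects it. Moving the resize into the success arm makes the bound check come first: `Ok(r) => { bytes.resize(length, 0); r.fill(&mut bytes).unwrap(); }`. The catch-all `_` arm would read more precisely as `Err(_)`, and the remaining `unwrap()` could become `expect("buffer length equals requested key length")` to record why it cannot fail. The enclosing block starts outside the hunk, so how `length` is derived and bounded upstream is not visible here.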