From 47565cc84db8f5b48f97eef21fb7c9ffdd188044 Mon Sep 17 00:00:00 2001
From: qmuntal
Date: Tue, 29 Oct 2024 16:32:49 +0100
Subject: [PATCH] validate KEY_DATA_BLOB_VERSION1 content in ExtractHKDF
---
 cng/hkdf.go | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/cng/hkdf.go b/cng/hkdf.go
index 655926e..5338fb5 100644
--- a/cng/hkdf.go
+++ b/cng/hkdf.go
@@ -156,14 +156,19 @@ func ExtractHKDF(h func() hash.Hash, secret, salt []byte) ([]byte, error) {
 return nil, errors.New("cng: unknown key data blob version")
 }
 // KEY_DATA_BLOB_VERSION1 format is:
- // cbHash uint32 // Big-endian
- // hashName [cbHash]byte
+ // cbHashName uint32 // Big-endian
+ // pHashName [cbHash]byte
 // key []byte // Rest of the blob
 if len(blob) < 4 {
 return nil, errors.New("cng: exported key is corrupted")
 }
- hashLength := binary.BigEndian.Uint32(blob[:])
- return blob[4+hashLength:], nil
+ cbHashName := binary.BigEndian.Uint32(blob)
+ blob = blob[4:]
+ if len(blob) < int(cbHashName) {
+ return nil, errors.New("cng: exported key is corrupted")
+ }
+ // Skip pHashName.
+ return blob[cbHashName:], nil
 }
 
 func ExpandHKDF(h func() hash.Hash, pseudorandomKey, info []byte) (io.Reader, error) {
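Review bot: The added guard `len(blob) < int(cbHashName)` converts a `uint32` read from the blob to `int`, and on a 32-bit build a value of 2^31 or more becomes negative there, so the check passes and `blob[cbHashName:]` panics on the slice bounds check instead of returning the "exported key is corrupted" error. Comparing in a type that cannot wrap closes that gap: `if uint64(len(blob)) < uint64(cbHashName) {`. The updated layout comment still reads `pHashName [cbHash]byte` although the length field is now named `cbHashName`, so it should read `// pHashName [cbHashName]byte`. The body of ExtractHKDF begins outside this hunk, so whether the length of the returned key is checked against the hash size anywhere else cannot be seen from here.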