From 11a7bc01b8d2b8623427ddca0920e2fc3adb9725 Mon Sep 17 00:00:00 2001 From: Shamil Abdulaev Date: Tue, 14 Oct 2025 18:36:07 +0300 Subject: [PATCH 1/3] Fix memory leak in HMAC digest --- Modules/_hacl/Hacl_Streaming_HMAC.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Modules/_hacl/Hacl_Streaming_HMAC.c b/Modules/_hacl/Hacl_Streaming_HMAC.c index 8dd7e2c0bf3e71..268c9ea3299dba 100644 --- a/Modules/_hacl/Hacl_Streaming_HMAC.c +++ b/Modules/_hacl/Hacl_Streaming_HMAC.c @@ -2378,6 +2378,8 @@ Hacl_Streaming_HMAC_digest( Hacl_Agile_Hash_state_s *s11 = tmp_block_state1.snd; update_last(s11, prev_len_last, buf_last, r); finish0(tmp_block_state1, output); + free_(tmp_block_state1.snd); + free_(tmp_block_state1.thd); return Hacl_Streaming_Types_Success; } KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", @@ -2519,4 +2521,3 @@ Hacl_Streaming_HMAC_agile_state "unreachable (pattern matches are exhaustive in F*)"); KRML_HOST_EXIT(255U); } - From 76f110a69ec2732084813b62a5055781ccae43a3 Mon Sep 17 00:00:00 2001 From: Shamil Abdulaev Date: Tue, 14 Oct 2025 18:59:41 +0300 Subject: [PATCH 2/3] add blurb --- .../Security/2025-10-14-18-58-09.gh-issue-140120.WyeECT.rst | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 Misc/NEWS.d/next/Security/2025-10-14-18-58-09.gh-issue-140120.WyeECT.rst diff --git a/Misc/NEWS.d/next/Security/2025-10-14-18-58-09.gh-issue-140120.WyeECT.rst b/Misc/NEWS.d/next/Security/2025-10-14-18-58-09.gh-issue-140120.WyeECT.rst new file mode 100644 index 00000000000000..7e20d61a2e3715 --- /dev/null +++ b/Misc/NEWS.d/next/Security/2025-10-14-18-58-09.gh-issue-140120.WyeECT.rst @@ -0,0 +1,2 @@ +Fixes a memory leak in ``Hacl_Streaming_HMAC_digest`` by freeing the +``snd`` and ``thd`` fields of ``tmp_block_state1``. From 715d76c163a932c39ef95ddf42bc506d8e9ec4bc Mon Sep 17 00:00:00 2001 From: Shamil Date: Tue, 14 Oct 2025 19:15:02 +0300 Subject: [PATCH 3/3] Update Modules/_hacl/Hacl_Streaming_HMAC.c Co-authored-by: Stan Ulbrych <89152624+StanFromIreland@users.noreply.github.com> --- Modules/_hacl/Hacl_Streaming_HMAC.c | 1 + 1 file changed, 1 insertion(+) diff --git a/Modules/_hacl/Hacl_Streaming_HMAC.c b/Modules/_hacl/Hacl_Streaming_HMAC.c index 268c9ea3299dba..46d789a01682d7 100644 --- a/Modules/_hacl/Hacl_Streaming_HMAC.c +++ b/Modules/_hacl/Hacl_Streaming_HMAC.c @@ -2521,3 +2521,4 @@ Hacl_Streaming_HMAC_agile_state "unreachable (pattern matches are exhaustive in F*)"); KRML_HOST_EXIT(255U); } +