diff options
author | Joel Sing <jsing@cvs.openbsd.org> | 2015-02-19 06:10:30 +0000 |
---|---|---|
committer | Joel Sing <jsing@cvs.openbsd.org> | 2015-02-19 06:10:30 +0000 |
commit | 70cc7d9642bd1dc1ae51974b9de27b66d8d3d8c4 (patch) | |
tree | 7a4c132d0eface0fad8cfd8c5b1053ab481ef2b8 | |
parent | 87abbb21b5b8f861b26dd6e5f0e37eadb37cbbbe (diff) |
If BN_rand() or BN_pseudo_rand() are called with a NULL rnd argument,
BN_bin2bn() will helpfully allocate a BN which is then leaked. Avoid this
by explicitly checking for NULL at the start of the bnrand() function.
Fixes Coverity ID 78831.
ok miod@
-rw-r--r-- | lib/libssl/src/crypto/bn/bn_rand.c | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/lib/libssl/src/crypto/bn/bn_rand.c b/lib/libssl/src/crypto/bn/bn_rand.c index 334c65dd577..ac5c5eb3089 100644 --- a/lib/libssl/src/crypto/bn/bn_rand.c +++ b/lib/libssl/src/crypto/bn/bn_rand.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_rand.c,v 1.16 2014/10/22 13:02:04 jsing Exp $ */ +/* $OpenBSD: bn_rand.c,v 1.17 2015/02/19 06:10:29 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -123,9 +123,14 @@ bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) unsigned char *buf = NULL; int ret = 0, bit, bytes, mask; + if (rnd == NULL) { + BNerr(BN_F_BNRAND, ERR_R_PASSED_NULL_PARAMETER); + return (0); + } + if (bits == 0) { BN_zero(rnd); - return 1; + return (1); } bytes = (bits + 7) / 8; @@ -175,7 +180,7 @@ bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) buf[0] &= ~mask; if (bottom) /* set bottom bit if requested */ buf[bytes - 1] |= 1; - if (!BN_bin2bn(buf, bytes, rnd)) + if (BN_bin2bn(buf, bytes, rnd) == NULL) goto err; ret = 1; |