summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJoel Sing <jsing@cvs.openbsd.org>2015-02-19 06:10:30 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2015-02-19 06:10:30 +0000
commit70cc7d9642bd1dc1ae51974b9de27b66d8d3d8c4 (patch)
tree7a4c132d0eface0fad8cfd8c5b1053ab481ef2b8
parent87abbb21b5b8f861b26dd6e5f0e37eadb37cbbbe (diff)
If BN_rand() or BN_pseudo_rand() are called with a NULL rnd argument,
BN_bin2bn() will helpfully allocate a BN which is then leaked. Avoid this by explicitly checking for NULL at the start of the bnrand() function. Fixes Coverity ID 78831. ok miod@
-rw-r--r--lib/libssl/src/crypto/bn/bn_rand.c11
1 files changed, 8 insertions, 3 deletions
diff --git a/lib/libssl/src/crypto/bn/bn_rand.c b/lib/libssl/src/crypto/bn/bn_rand.c
index 334c65dd577..ac5c5eb3089 100644
--- a/lib/libssl/src/crypto/bn/bn_rand.c
+++ b/lib/libssl/src/crypto/bn/bn_rand.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_rand.c,v 1.16 2014/10/22 13:02:04 jsing Exp $ */
+/* $OpenBSD: bn_rand.c,v 1.17 2015/02/19 06:10:29 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -123,9 +123,14 @@ bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
unsigned char *buf = NULL;
int ret = 0, bit, bytes, mask;
+ if (rnd == NULL) {
+ BNerr(BN_F_BNRAND, ERR_R_PASSED_NULL_PARAMETER);
+ return (0);
+ }
+
if (bits == 0) {
BN_zero(rnd);
- return 1;
+ return (1);
}
bytes = (bits + 7) / 8;
@@ -175,7 +180,7 @@ bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
buf[0] &= ~mask;
if (bottom) /* set bottom bit if requested */
buf[bytes - 1] |= 1;
- if (!BN_bin2bn(buf, bytes, rnd))
+ if (BN_bin2bn(buf, bytes, rnd) == NULL)
goto err;
ret = 1;