diff options
author | Joel Sing <jsing@cvs.openbsd.org> | 2015-02-19 06:10:30 +0000 |
---|---|---|
committer | Joel Sing <jsing@cvs.openbsd.org> | 2015-02-19 06:10:30 +0000 |
commit | 0d6b3ae63965cf7489529db6341b153a7e4ba41f (patch) | |
tree | 9c8e74c447619f05a320888519d4e4f0394b4911 /lib | |
parent | ef6bd6a7fd8a2af818ebe2a1bbbe6a557cc16079 (diff) |
If BN_rand() or BN_pseudo_rand() are called with a NULL rnd argument,
BN_bin2bn() will helpfully allocate a BN which is then leaked. Avoid this
by explicitly checking for NULL at the start of the bnrand() function.
Fixes Coverity ID 78831.
ok miod@
Diffstat (limited to 'lib')
-rw-r--r-- | lib/libcrypto/bn/bn_rand.c | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/lib/libcrypto/bn/bn_rand.c b/lib/libcrypto/bn/bn_rand.c index 334c65dd577..ac5c5eb3089 100644 --- a/lib/libcrypto/bn/bn_rand.c +++ b/lib/libcrypto/bn/bn_rand.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_rand.c,v 1.16 2014/10/22 13:02:04 jsing Exp $ */ +/* $OpenBSD: bn_rand.c,v 1.17 2015/02/19 06:10:29 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -123,9 +123,14 @@ bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) unsigned char *buf = NULL; int ret = 0, bit, bytes, mask; + if (rnd == NULL) { + BNerr(BN_F_BNRAND, ERR_R_PASSED_NULL_PARAMETER); + return (0); + } + if (bits == 0) { BN_zero(rnd); - return 1; + return (1); } bytes = (bits + 7) / 8; @@ -175,7 +180,7 @@ bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) buf[0] &= ~mask; if (bottom) /* set bottom bit if requested */ buf[bytes - 1] |= 1; - if (!BN_bin2bn(buf, bytes, rnd)) + if (BN_bin2bn(buf, bytes, rnd) == NULL) goto err; ret = 1; |