summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorJoel Sing <jsing@cvs.openbsd.org>2015-02-19 06:10:30 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2015-02-19 06:10:30 +0000
commit0d6b3ae63965cf7489529db6341b153a7e4ba41f (patch)
tree9c8e74c447619f05a320888519d4e4f0394b4911 /lib
parentef6bd6a7fd8a2af818ebe2a1bbbe6a557cc16079 (diff)
If BN_rand() or BN_pseudo_rand() are called with a NULL rnd argument,
BN_bin2bn() will helpfully allocate a BN which is then leaked. Avoid this by explicitly checking for NULL at the start of the bnrand() function. Fixes Coverity ID 78831. ok miod@
Diffstat (limited to 'lib')
-rw-r--r--lib/libcrypto/bn/bn_rand.c11
1 files changed, 8 insertions, 3 deletions
diff --git a/lib/libcrypto/bn/bn_rand.c b/lib/libcrypto/bn/bn_rand.c
index 334c65dd577..ac5c5eb3089 100644
--- a/lib/libcrypto/bn/bn_rand.c
+++ b/lib/libcrypto/bn/bn_rand.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_rand.c,v 1.16 2014/10/22 13:02:04 jsing Exp $ */
+/* $OpenBSD: bn_rand.c,v 1.17 2015/02/19 06:10:29 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -123,9 +123,14 @@ bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
unsigned char *buf = NULL;
int ret = 0, bit, bytes, mask;
+ if (rnd == NULL) {
+ BNerr(BN_F_BNRAND, ERR_R_PASSED_NULL_PARAMETER);
+ return (0);
+ }
+
if (bits == 0) {
BN_zero(rnd);
- return 1;
+ return (1);
}
bytes = (bits + 7) / 8;
@@ -175,7 +180,7 @@ bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
buf[0] &= ~mask;
if (bottom) /* set bottom bit if requested */
buf[bytes - 1] |= 1;
- if (!BN_bin2bn(buf, bytes, rnd))
+ if (BN_bin2bn(buf, bytes, rnd) == NULL)
goto err;
ret = 1;