root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

Free a BIGNUM on error in BN_mpi2bn 

In the BN_mpi2bn() function, a failure of a call to BN_bin2bn() could
result in the leak of a previously allocated BIGNUM value.

Reviewed-by: Richard Levitte <levitte@openssl.org>
This commit is contained in:
Matt Caswell 2016-04-27 12:55:44 +01:00
parent b0b6ba2d11
commit 91fb42ddbe
1 changed files with 9 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
crypto/bn/bn_mpi.c
View File

@ -94,34 +94,36 @@ BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *a)
if (n < 4) { if (n < 4) {
BNerr(BN_F_BN_MPI2BN, BN_R_INVALID_LENGTH); BNerr(BN_F_BN_MPI2BN, BN_R_INVALID_LENGTH);
return (NULL); return NULL;
} }
len = ((long)d[0] << 24) | ((long)d[1] << 16) | ((int)d[2] << 8) | (int) len = ((long)d[0] << 24) | ((long)d[1] << 16) | ((int)d[2] << 8) | (int)
d[3]; d[3];
if ((len + 4) != n) { if ((len + 4) != n) {
BNerr(BN_F_BN_MPI2BN, BN_R_ENCODING_ERROR); BNerr(BN_F_BN_MPI2BN, BN_R_ENCODING_ERROR);
return (NULL); return NULL;
} }
if (a == NULL) if (a == NULL)
a = BN_new(); a = BN_new();
if (a == NULL) if (a == NULL)
return (NULL); return NULL;
if (len == 0) { if (len == 0) {
a->neg = 0; a->neg = 0;
a->top = 0; a->top = 0;
return (a); return a;
} }
d += 4; d += 4;
if ((*d) & 0x80) if ((*d) & 0x80)
neg = 1; neg = 1;
if (BN_bin2bn(d, (int)len, a) == NULL) if (BN_bin2bn(d, (int)len, a) == NULL) {
return (NULL); BN_free(a);
return NULL;
}
a->neg = neg; a->neg = neg;
if (neg) { if (neg) {
BN_clear_bit(a, BN_num_bits(a) - 1); BN_clear_bit(a, BN_num_bits(a) - 1);
} }
bn_check_top(a); bn_check_top(a);
return (a); return a;
} }