author | Matt Caswell <matt@openssl.org> | 2016-04-27 12:55:44 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2016-04-28 13:13:09 +0100 |
commit | 91fb42ddbef7a88640d1a0f853c941c20df07de7 (patch) | |
tree | bd3f2f425264fe958ce6eae7be1d26460862aaf2 | |
parent | b0b6ba2d11ce4188e32be50c9e87672c67183616 (diff) |
Free a BIGNUM on error in BN_mpi2bn
In the BN_mpi2bn() function, a failure of a call to BN_bin2bn() could
result in the leak of a previously allocated BIGNUM value.
Reviewed-by: Richard Levitte <levitte@openssl.org>
-rw-r--r-- | crypto/bn/bn_mpi.c | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/crypto/bn/bn_mpi.c b/crypto/bn/bn_mpi.c
index 80d105dd55..86d96750b9 100644
--- a/crypto/bn/bn_mpi.c
+++ b/crypto/bn/bn_mpi.c
@@ -94,34 +94,36 @@ BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *a)
 if (n < 4) {
 BNerr(BN_F_BN_MPI2BN, BN_R_INVALID_LENGTH);
- return (NULL);
+ return NULL;
 }
 len = ((long)d[0] << 24) | ((long)d[1] << 16) | ((int)d[2] << 8) | (int) d[3];
 if ((len + 4) != n) {
 BNerr(BN_F_BN_MPI2BN, BN_R_ENCODING_ERROR);
- return (NULL);
+ return NULL;
 }
 if (a == NULL) a = BN_new();
 if (a == NULL)
- return (NULL);
+ return NULL;
 if (len == 0) {
 a->neg = 0;
 a->top = 0;
- return (a);
+ return a;
 }
 d += 4;
 if ((*d) & 0x80) neg = 1;
- if (BN_bin2bn(d, (int)len, a) == NULL)
- return (NULL);
+ if (BN_bin2bn(d, (int)len, a) == NULL) {
+ BN_free(a);
+ return NULL;
+ }
 a->neg = neg;
 if (neg) {
 BN_clear_bit(a, BN_num_bits(a) - 1);
 }
 bn_check_top(a);
- return (a);
+ return a;
 } |
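Review bot: The new error path calls `BN_free(a)` unconditionally, but `a` is only allocated in this function when the caller passed NULL (`if (a == NULL) a = BN_new();`). When the caller supplied its own BIGNUM and BN_bin2bn() fails, the function now frees an object the caller still holds, leaving the caller with a dangling pointer and a likely double free in its own cleanup. Free only what was allocated here: record ownership at the allocation, `if (a == NULL) { a = BN_new(); is_new = 1; }`, and guard the release with `if (is_new) BN_free(a);`, with `int is_new = 0;` added to the locals. Those locals are declared above the hunk, so the declaration falls outside the visible lines. A comment on the function stating that a caller-supplied `a` is never freed on failure would make the ownership contract explicit.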