diff options
author | Bodo Möller <bodo@openssl.org> | 2010-02-23 10:36:35 +0000 |
---|---|---|
committer | Bodo Möller <bodo@openssl.org> | 2010-02-23 10:36:35 +0000 |
commit | 2d9dcd4ff0923347fab727ac90e8526dd65e4e07 (patch) | |
tree | 2aaf576cf8d78dec215500be1e79d15db67bcf94 /crypto/bn | |
parent | a8397553295bca838e082b959b4b8efe5d3b1256 (diff) |
Always check bn_wexpend() return values for failure (CVE-2009-3245).
(The CHANGES entry covers the change from PR #2111 as well, submitted by
Martin Olsson.)
Submitted by: Neel Mehta
Diffstat (limited to 'crypto/bn')
-rw-r--r-- | crypto/bn/bn_div.c | 2 | ||||
-rw-r--r-- | crypto/bn/bn_gf2m.c | 3 |
2 files changed, 3 insertions, 2 deletions
diff --git a/crypto/bn/bn_div.c b/crypto/bn/bn_div.c index 899d07ca24..802a43d642 100644 --- a/crypto/bn/bn_div.c +++ b/crypto/bn/bn_div.c @@ -102,7 +102,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, /* The next 2 are needed so we can do a dv->d[0]|=1 later * since BN_lshift1 will only work once there is a value :-) */ BN_zero(dv); - bn_wexpand(dv,1); + if(bn_wexpand(dv,1) == NULL) goto end; dv->top=1; if (!BN_lshift(D,D,nm-nd)) goto end; diff --git a/crypto/bn/bn_gf2m.c b/crypto/bn/bn_gf2m.c index f7551dacd9..527b0fa15b 100644 --- a/crypto/bn/bn_gf2m.c +++ b/crypto/bn/bn_gf2m.c @@ -232,7 +232,8 @@ int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) if (a->top < b->top) { at = b; bt = a; } else { at = a; bt = b; } - bn_wexpand(r, at->top); + if(bn_wexpand(r, at->top) == NULL) + return 0; for (i = 0; i < bt->top; i++) { |