Add missing return value checks

The function DH_check_pub_key() was missing some return value checks in some calls to BN functions. RT#4278 Reviewed-by: Andy Polyakov <appro@openssl.org>
author: Matt Caswell <matt@openssl.org> 2016-01-29 09:40:03 +0000
committer: Matt Caswell <matt@openssl.org> 2016-01-29 11:53:32 +0000
commit: f5a12207eccfd814bde68b880a96910dfa25f164 (patch)
tree: 7b950bdb5865a1271d94ed0c61788f4da8377545 /crypto/dh
parent: cb389fe80462e20daba30835a9e86354451bd14f (diff)
1 files changed, 3 insertions, 4 deletions
diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
index 3f9e90e924..2cc218dbdc 100644
--- a/crypto/dh/dh_check.c
+++ b/crypto/dh/dh_check.c
@@ -151,13 +151,12 @@ int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
         goto err;
     BN_CTX_start(ctx);
     tmp = BN_CTX_get(ctx);
-    if (tmp == NULL)
+    if (tmp == NULL || !BN_set_word(tmp, 1))
         goto err;
-    BN_set_word(tmp, 1);
     if (BN_cmp(pub_key, tmp) <= 0)
         *ret |= DH_CHECK_PUBKEY_TOO_SMALL;
-    BN_copy(tmp, dh->p);
-    BN_sub_word(tmp, 1);
+    if (BN_copy(tmp, dh->p) == NULL || !BN_sub_word(tmp, 1))
+        goto err;
     if (BN_cmp(pub_key, tmp) >= 0)
         *ret |= DH_CHECK_PUBKEY_TOO_LARGE;
author	Matt Caswell <matt@openssl.org>	2016-01-29 09:40:03 +0000
committer	Matt Caswell <matt@openssl.org>	2016-01-29 11:53:32 +0000
commit	f5a12207eccfd814bde68b880a96910dfa25f164 (patch)
tree	7b950bdb5865a1271d94ed0c61788f4da8377545 /crypto/dh
parent	cb389fe80462e20daba30835a9e86354451bd14f (diff)