From 2d9dcd4ff0923347fab727ac90e8526dd65e4e07 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Tue, 23 Feb 2010 10:36:35 +0000 Subject: Always check bn_wexpend() return values for failure (CVE-2009-3245). (The CHANGES entry covers the change from PR #2111 as well, submitted by Martin Olsson.) Submitted by: Neel Mehta --- crypto/bn/bn_gf2m.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'crypto/bn/bn_gf2m.c') diff --git a/crypto/bn/bn_gf2m.c b/crypto/bn/bn_gf2m.c index f7551dacd9..527b0fa15b 100644 --- a/crypto/bn/bn_gf2m.c +++ b/crypto/bn/bn_gf2m.c @@ -232,7 +232,8 @@ int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) if (a->top < b->top) { at = b; bt = a; } else { at = a; bt = b; } - bn_wexpand(r, at->top); + if(bn_wexpand(r, at->top) == NULL) + return 0; for (i = 0; i < bt->top; i++) { -- cgit v1.2.3
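Review bot: the added check in BN_GF2m_add is written `if(bn_wexpand(r, at->top) == NULL)` with no space after `if`, while the neighbouring context lines use `if (a->top < b->top)` and `for (i = 0; ...`; please match the local style. On the logic, returning 0 before the `for (i = 0; i < bt->top; i++)` loop is the right place, since the failure is caught before the loop that follows the expansion of r runs, but the fix only holds if callers of BN_GF2m_add test its return value, so that is worth confirming alongside this change. The subject line says "Always check" yet this view is limited to crypto/bn/bn_gf2m.c and shows a single call site, so the remaining bn_wexpand() callers need to be reviewed in the full commit. The subject also spells the function "bn_wexpend()", which will not match a search for bn_wexpand in the log.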