From d42c356882229765c5a502c32656c49eefcce7b4 Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Mon, 14 Jan 2019 11:06:43 +0000
Subject: Check a return value in the SRP code
Spotted by OSTIF audit
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/8019)
(cherry picked from commit 0a5bda639f8fd59e15051cf757708e3b94bcf399)
---
crypto/srp/srp_vfy.c | 2 ++
1 file changed, 2 insertions(+)
(limited to 'crypto/srp')
diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c
index 17b35c00f9..1c405128c0 100644
--- a/crypto/srp/srp_vfy.c
+++ b/crypto/srp/srp_vfy.c
@@ -691,6 +691,8 @@ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
 }
 x = SRP_Calc_x(salttmp, user, pass);
+ if (x == NULL)
+ goto err;
 *verifier = BN_new();
 if (*verifier == NULL)
--
cgit v1.2.3
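Review bot: The added `if (x == NULL) goto err;` after `SRP_Calc_x()` has no comment saying why the result can be NULL or why the function must stop there, even though `x` is the password-derived private value that the rest of `SRP_create_verifier_BN` builds the verifier from. I would add something like `/* SRP_Calc_x() returns NULL on failure; never derive a verifier from a missing x */` directly above the check. The `err:` label and the code before `x = SRP_Calc_x(...)` lie outside this hunk, so it cannot be confirmed from here that the cleanup tolerates a NULL `x`, or that it releases a `salttmp` allocated earlier without freeing a caller-owned `*salt`; that is worth checking before merging. The diffstat shows only this one call site changed, so other callers of `SRP_Calc_x()` (not visible here) should be checked for the same unchecked return.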