diff options
| author |   jsing <jsing@openbsd.org> | 2015-02-19 06:10:29 +0000 |
|---|---|---|
| committer | jsing <jsing@openbsd.org> | 2015-02-19 06:10:29 +0000 |
| commit | aab8a614f2e8e7c2655af4a7caaee2b550893d93 (patch) | |
| tree | 4cc65e2688d5a3488eb4cfbf7eb70c284f005cf6 | |
| parent | remove errant reference to mq_enqueue in the mq_enlist description. (diff) | |
| download | wireguard-openbsd-aab8a614f2e8e7c2655af4a7caaee2b550893d93.tar.xz wireguard-openbsd-aab8a614f2e8e7c2655af4a7caaee2b550893d93.zip | |
If BN_rand() or BN_pseudo_rand() are called with a NULL rnd argument,
BN_bin2bn() will helpfully allocate a BN which is then leaked. Avoid this
by explicitly checking for NULL at the start of the bnrand() function.
Fixes Coverity ID 78831.
ok miod@
| -rw-r--r-- | lib/libcrypto/bn/bn_rand.c | 11 | ||||
| -rw-r--r-- | lib/libssl/src/crypto/bn/bn_rand.c | 11 |
2 files changed, 16 insertions, 6 deletions
diff --git a/lib/libcrypto/bn/bn_rand.c b/lib/libcrypto/bn/bn_rand.c index 334c65dd577..ac5c5eb3089 100644 --- a/lib/libcrypto/bn/bn_rand.c +++ b/lib/libcrypto/bn/bn_rand.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_rand.c,v 1.16 2014/10/22 13:02:04 jsing Exp $ */ +/* $OpenBSD: bn_rand.c,v 1.17 2015/02/19 06:10:29 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -123,9 +123,14 @@ bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) unsigned char *buf = NULL; int ret = 0, bit, bytes, mask; + if (rnd == NULL) { + BNerr(BN_F_BNRAND, ERR_R_PASSED_NULL_PARAMETER); + return (0); + } + if (bits == 0) { BN_zero(rnd); - return 1; + return (1); } bytes = (bits + 7) / 8; @@ -175,7 +180,7 @@ bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) buf[0] &= ~mask; if (bottom) /* set bottom bit if requested */ buf[bytes - 1] |= 1; - if (!BN_bin2bn(buf, bytes, rnd)) + if (BN_bin2bn(buf, bytes, rnd) == NULL) goto err; ret = 1; diff --git a/lib/libssl/src/crypto/bn/bn_rand.c b/lib/libssl/src/crypto/bn/bn_rand.c index 334c65dd577..ac5c5eb3089 100644 --- a/lib/libssl/src/crypto/bn/bn_rand.c +++ b/lib/libssl/src/crypto/bn/bn_rand.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_rand.c,v 1.16 2014/10/22 13:02:04 jsing Exp $ */ +/* $OpenBSD: bn_rand.c,v 1.17 2015/02/19 06:10:29 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -123,9 +123,14 @@ bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) unsigned char *buf = NULL; int ret = 0, bit, bytes, mask; + if (rnd == NULL) { + BNerr(BN_F_BNRAND, ERR_R_PASSED_NULL_PARAMETER); + return (0); + } + if (bits == 0) { BN_zero(rnd); - return 1; + return (1); } bytes = (bits + 7) / 8; @@ -175,7 +180,7 @@ bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) buf[0] &= ~mask; if (bottom) /* set bottom bit if requested */ buf[bytes - 1] |= 1; - if (!BN_bin2bn(buf, bytes, rnd)) + if (BN_bin2bn(buf, bytes, rnd) == NULL) goto err; ret = 1; |