drbg_lib: avoid NULL pointer dereference in drbg_add
authorDr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Sun, 28 Oct 2018 12:46:35 +0000 (13:46 +0100)
committerDr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Sun, 28 Oct 2018 18:21:12 +0000 (19:21 +0100)
Found by Coverity Scan

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7511)

(cherry picked from commit 59f90557dd6e35cf72ac72016609d759ac78fcb9)

crypto/rand/drbg_lib.c

index f396f83478bee228822b27f6a7ba33127ed006f7..e7f383a6c14e4b7d7b31c962c679615bfc3d086a 100644 (file)
@@ -1010,7 +1010,7 @@ static int drbg_add(const void *buf, int num, double randomness)
     int ret = 0;
     RAND_DRBG *drbg = RAND_DRBG_get0_master();
     size_t buflen;
-    size_t seedlen = rand_drbg_seedlen(drbg);
+    size_t seedlen;
 
     if (drbg == NULL)
         return 0;
@@ -1018,6 +1018,8 @@ static int drbg_add(const void *buf, int num, double randomness)
     if (num < 0 || randomness < 0.0)
         return 0;
 
+    seedlen = rand_drbg_seedlen(drbg);
+
     buflen = (size_t)num;
 
     if (buflen < seedlen || randomness < (double) seedlen) {