From: Dr. Matthias St. Pierre
Date: Sun, 28 Oct 2018 12:46:35 +0000 (+0100)
Subject: drbg_lib: avoid NULL pointer dereference in drbg_add
X-Git-Tag: openssl-3.0.0-alpha1~3009
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=59f90557dd6e35cf72ac72016609d759ac78fcb9;p=oweals%2Fopenssl.git
drbg_lib: avoid NULL pointer dereference in drbg_add
Found by Coverity Scan
Reviewed-by: Bernd Edlinger
Reviewed-by: Richard Levitte
(Merged from https://github.com/openssl/openssl/pull/7511)
---
diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c
index ec4aa69db5..796ab67fda 100644
--- a/crypto/rand/drbg_lib.c
+++ b/crypto/rand/drbg_lib.c
@@ -1086,7 +1086,7 @@ static int drbg_add(const void *buf, int num, double randomness)
 int ret = 0;
 RAND_DRBG *drbg = RAND_DRBG_get0_master();
 size_t buflen;
- size_t seedlen = rand_drbg_seedlen(drbg);
+ size_t seedlen;
 if (drbg == NULL)
 return 0;
@@ -1094,6 +1094,8 @@ static int drbg_add(const void *buf, int num, double randomness)
 if (num < 0 || randomness < 0.0)
 return 0;
+ seedlen = rand_drbg_seedlen(drbg);
+
 buflen = (size_t)num;
 if (buflen < seedlen || randomness < (double) seedlen) {
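Review bot: The guard `if (num < 0 || randomness < 0.0)` in the second hunk lets a NaN `randomness` through, because every ordered comparison with NaN is false; the later test `randomness < (double) seedlen` is false for NaN too, so neither visible check catches it. Since this value is the caller's entropy estimate, I would reject anything that is not a non-negative number: `if (num < 0 || !(randomness >= 0.0)) return 0;`. How `randomness` is used after the opening brace lies outside the hunk, so the actual impact needs to be confirmed there. Separately, a short comment at the moved assignment, such as `/* drbg is known to be non-NULL here */`, would keep a later cleanup from folding the call back into the declaration.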