From: Matt Caswell Date: Wed, 27 Apr 2016 11:55:44 +0000 (+0100) Subject: Free a BIGNUM on error in BN_mpi2bn X-Git-Tag: OpenSSL_1_1_0-pre6~1035 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=91fb42dd;p=oweals%2Fopenssl.git Free a BIGNUM on error in BN_mpi2bn In the BN_mpi2bn() function, a failure of a call to BN_bin2bn() could result in the leak of a previously allocated BIGNUM value. Reviewed-by: Richard Levitte --- diff --git a/crypto/bn/bn_mpi.c b/crypto/bn/bn_mpi.c index 80d105dd55..86d96750b9 100644 --- a/crypto/bn/bn_mpi.c +++ b/crypto/bn/bn_mpi.c @@ -94,34 +94,36 @@ BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *a) if (n < 4) { BNerr(BN_F_BN_MPI2BN, BN_R_INVALID_LENGTH); - return (NULL); + return NULL; } len = ((long)d[0] << 24) | ((long)d[1] << 16) | ((int)d[2] << 8) | (int) d[3]; if ((len + 4) != n) { BNerr(BN_F_BN_MPI2BN, BN_R_ENCODING_ERROR); - return (NULL); + return NULL; } if (a == NULL) a = BN_new(); if (a == NULL) - return (NULL); + return NULL; if (len == 0) { a->neg = 0; a->top = 0; - return (a); + return a; } d += 4; if ((*d) & 0x80) neg = 1; - if (BN_bin2bn(d, (int)len, a) == NULL) - return (NULL); + if (BN_bin2bn(d, (int)len, a) == NULL) { + BN_free(a); + return NULL; + } a->neg = neg; if (neg) { BN_clear_bit(a, BN_num_bits(a) - 1); } bn_check_top(a); - return (a); + return a; }