From: Dr. Matthias St. Pierre Date: Sun, 28 Oct 2018 12:46:35 +0000 (+0100) Subject: drbg_lib: avoid NULL pointer dereference in drbg_add X-Git-Tag: OpenSSL_1_1_1a~76 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=d2953e5e7d8be6e83b35683f41bc0ae971782d16;p=oweals%2Fopenssl.git drbg_lib: avoid NULL pointer dereference in drbg_add Found by Coverity Scan Reviewed-by: Bernd Edlinger Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/7511) (cherry picked from commit 59f90557dd6e35cf72ac72016609d759ac78fcb9) --- diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c index f396f83478..e7f383a6c1 100644 --- a/crypto/rand/drbg_lib.c +++ b/crypto/rand/drbg_lib.c @@ -1010,7 +1010,7 @@ static int drbg_add(const void *buf, int num, double randomness) int ret = 0; RAND_DRBG *drbg = RAND_DRBG_get0_master(); size_t buflen; - size_t seedlen = rand_drbg_seedlen(drbg); + size_t seedlen; if (drbg == NULL) return 0; @@ -1018,6 +1018,8 @@ static int drbg_add(const void *buf, int num, double randomness) if (num < 0 || randomness < 0.0) return 0; + seedlen = rand_drbg_seedlen(drbg); + buflen = (size_t)num; if (buflen < seedlen || randomness < (double) seedlen) {
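Review bot: The bare `size_t seedlen;` left in the declaration block of the first hunk gives no hint that its initialisation was deliberately moved below the `drbg == NULL` check. A later tidy-up could fold the call back into the declaration and reintroduce the dereference named in the subject line. A short comment on the declaration would pin the ordering, for example `size_t seedlen; /* assigned only after the drbg NULL check */`. The body of rand_drbg_seedlen() is not visible on this page, so that it dereferences `drbg` is inferred from the commit message. drbg_add starts before this hunk and continues past it.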
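Review bot: A NaN `randomness` gets past both comparisons visible in the second hunk, because `randomness < 0.0` and `randomness < (double) seedlen` are each false for NaN. The value is therefore neither rejected nor routed into the low-entropy branch. How it is used afterwards lies outside the hunk, but it is the caller's entropy claim for seeding the DRBG, so rejecting anything that is not a non-negative number up front is cheap: `if (num < 0 || !(randomness >= 0.0)) return 0;`. drbg_add continues past the end of this hunk, so the effect on the later code should be confirmed there.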