From 8eab767a718f44ccba9888eeb81a5328cff47bab Mon Sep 17 00:00:00 2001
From: Pauli <paul.dale@oracle.com>
Date: Fri, 29 Jun 2018 09:55:23 +1000
Subject: [PATCH] Check return from BN_set_word. In ssl/t1_lib.c.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6613)
---
 ssl/t1_lib.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 1826dd2bb3..abf523e49c 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2309,13 +2309,16 @@ DH *ssl_get_auto_dh(SSL *s)
         if (dhp == NULL)
             return NULL;
         g = BN_new();
-        if (g != NULL)
-            BN_set_word(g, 2);
+        if (g == NULL || !BN_set_word(g, 2)) {
+            DH_free(dhp);
+            BN_free(g);
+            return NULL;
+        }
         if (dh_secbits >= 192)
             p = BN_get_rfc3526_prime_8192(NULL);
         else
             p = BN_get_rfc3526_prime_3072(NULL);
-        if (p == NULL || g == NULL || !DH_set0_pqg(dhp, p, NULL, g)) {
+        if (p == NULL || !DH_set0_pqg(dhp, p, NULL, g)) {
             DH_free(dhp);
             BN_free(p);
             BN_free(g);
-- 
2.25.1