From b8f1c116a357285ccb4905cd88c83f5076bafb52 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Thu, 28 Apr 2016 19:53:08 +0100 Subject: [PATCH] Don't free the BIGNUM passed to BN_mpi2bn Commit 91fb42dd fixed a leak but introduced a problem where a parameter is erroneously freed instead. Reviewed-by: Tim Hudson Reviewed-by: Rich Salz --- crypto/bn/bn_mpi.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/crypto/bn/bn_mpi.c b/crypto/bn/bn_mpi.c index 86d96750b9..cb8f0b8dca 100644 --- a/crypto/bn/bn_mpi.c +++ b/crypto/bn/bn_mpi.c @@ -87,10 +87,11 @@ int BN_bn2mpi(const BIGNUM *a, unsigned char *d) return (num + 4 + ext); } -BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *a) +BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *ain) { long len; int neg = 0; + BIGNUM *a = NULL; if (n < 4) { BNerr(BN_F_BN_MPI2BN, BN_R_INVALID_LENGTH); @@ -103,8 +104,11 @@ BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *a) return NULL; } - if (a == NULL) + if (ain == NULL) a = BN_new(); + else + a = ain; + if (a == NULL) return NULL; @@ -117,7 +121,8 @@ BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *a) if ((*d) & 0x80) neg = 1; if (BN_bin2bn(d, (int)len, a) == NULL) { - BN_free(a); + if (ain == NULL) + BN_free(a); return NULL; } a->neg = neg; -- 2.25.1