From d2953e5e7d8be6e83b35683f41bc0ae971782d16 Mon Sep 17 00:00:00 2001
From: "Dr. Matthias St. Pierre"
Date: Sun, 28 Oct 2018 13:46:35 +0100
Subject: [PATCH] drbg_lib: avoid NULL pointer dereference in drbg_add
Found by Coverity Scan
Reviewed-by: Bernd Edlinger
Reviewed-by: Richard Levitte
(Merged from https://github.com/openssl/openssl/pull/7511)
(cherry picked from commit 59f90557dd6e35cf72ac72016609d759ac78fcb9)
---
 crypto/rand/drbg_lib.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c
index f396f83478..e7f383a6c1 100644
--- a/crypto/rand/drbg_lib.c
+++ b/crypto/rand/drbg_lib.c
@@ -1010,7 +1010,7 @@ static int drbg_add(const void *buf, int num, double randomness)
 int ret = 0;
 RAND_DRBG *drbg = RAND_DRBG_get0_master();
 size_t buflen;
- size_t seedlen = rand_drbg_seedlen(drbg);
+ size_t seedlen;
 if (drbg == NULL)
 return 0;
@@ -1018,6 +1018,8 @@ static int drbg_add(const void *buf, int num, double randomness)
 if (num < 0 || randomness < 0.0)
 return 0;
+ seedlen = rand_drbg_seedlen(drbg);
+
 buflen = (size_t)num;
 if (buflen < seedlen || randomness < (double) seedlen) {
--
2.25.1
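Review bot: The guard `if (num < 0 || randomness < 0.0)` in the second hunk does not reject a NaN `randomness`, because every ordered comparison with NaN is false; the later `randomness < (double) seedlen` test is false for NaN as well, so such a value passes both visible checks. Writing the guard as `if (num < 0 || !(randomness >= 0.0)) return 0;` would refuse it up front, next to the NULL check this commit fixes. How `randomness` is used after the last visible line is not shown, so the impact is unconfirmed; drbg_add starts before the first hunk and continues past the second.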