Check a return value in the SRP code
author Matt Caswell <matt@openssl.org>
Mon, 14 Jan 2019 11:06:43 +0000 (11:06 +0000)
committer Matt Caswell <matt@openssl.org>
Tue, 15 Jan 2019 11:35:08 +0000 (11:35 +0000)
Spotted by OSTIF audit

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8019)

(cherry picked from commit 0a5bda639f8fd59e15051cf757708e3b94bcf399)

crypto/srp/srp_vfy.c

index 17b35c00f9da8ccef487a925a11836a88adca9b1..1c405128c0351a9059918fbc09a9a3ea9f3d7b2d 100644 (file)
@@ -691,6 +691,8 @@ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
     }
 
     x = SRP_Calc_x(salttmp, user, pass);
+    if (x == NULL)
+        goto err;
 
     *verifier = BN_new();
     if (*verifier == NULL)
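
Review bot: The new goto err after SRP_Calc_x() is reached once salttmp has been set up but before *verifier = BN_new(), and the err label lies outside the visible context, so the cleanup there should be confirmed against this state: x is NULL, *verifier has not been assigned by this function, and salttmp may or may not belong to the caller through *salt. The check itself follows the same pattern as the existing if (*verifier == NULL) test just below it. The commit message would also be easier to audit later if it named the call being checked (SRP_Calc_x) rather than "a return value", and a test that forces SRP_Calc_x() to fail would keep this path covered.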