If BN_rand() or BN_pseudo_rand() are called with a NULL rnd argument,

BN_bin2bn() will helpfully allocate a BN which is then leaked. Avoid this by explicitly checking for NULL at the start of the bnrand() function. Fixes Coverity ID 78831. ok miod@
author: jsing <> 2015-02-19 06:10:29 +0000
committer: jsing <> 2015-02-19 06:10:29 +0000
commit: b48cf8cc3375610db39211d1da5904ff311d75d8 (patch)
tree: a2bee07c521bf3d450b8d9880388795bf6bb56c2
parent: 8ad720213befab5b57cf61e74b30f2150bee6153 (diff)
download: openbsd-b48cf8cc3375610db39211d1da5904ff311d75d8.tar.gz
openbsd-b48cf8cc3375610db39211d1da5904ff311d75d8.tar.bz2
openbsd-b48cf8cc3375610db39211d1da5904ff311d75d8.zip
2 files changed, 16 insertions, 6 deletions
diff --git a/src/lib/libcrypto/bn/bn_rand.c b/src/lib/libcrypto/bn/bn_rand.c
index 334c65dd57..ac5c5eb308 100644
--- a/src/lib/libcrypto/bn/bn_rand.c
+++ b/src/lib/libcrypto/bn/bn_rand.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_rand.c,v 1.16 2014/10/22 13:02:04 jsing Exp $ */
+/* $OpenBSD: bn_rand.c,v 1.17 2015/02/19 06:10:29 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -123,9 +123,14 @@ bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
        unsigned char *buf = NULL;
        int ret = 0, bit, bytes, mask;
+        if (rnd == NULL) {
+                BNerr(BN_F_BNRAND, ERR_R_PASSED_NULL_PARAMETER);
+                return (0);
+        }
        if (bits == 0) {
                BN_zero(rnd);
-                return 1;
+                return (1);
        }
        bytes = (bits + 7) / 8;
@@ -175,7 +180,7 @@ bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
        buf[0] &= ~mask;
        if (bottom) /* set bottom bit if requested */
                buf[bytes - 1] |= 1;
-        if (!BN_bin2bn(buf, bytes, rnd))
+        if (BN_bin2bn(buf, bytes, rnd) == NULL)
                goto err;
        ret = 1;
diff --git a/src/lib/libssl/src/crypto/bn/bn_rand.c b/src/lib/libssl/src/crypto/bn/bn_rand.c
index 334c65dd57..ac5c5eb308 100644
--- a/src/lib/libssl/src/crypto/bn/bn_rand.c
+++ b/src/lib/libssl/src/crypto/bn/bn_rand.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_rand.c,v 1.16 2014/10/22 13:02:04 jsing Exp $ */
+/* $OpenBSD: bn_rand.c,v 1.17 2015/02/19 06:10:29 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -123,9 +123,14 @@ bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
        unsigned char *buf = NULL;
        int ret = 0, bit, bytes, mask;
+        if (rnd == NULL) {
+                BNerr(BN_F_BNRAND, ERR_R_PASSED_NULL_PARAMETER);
+                return (0);
+        }
        if (bits == 0) {
                BN_zero(rnd);
-                return 1;
+                return (1);
        }
        bytes = (bits + 7) / 8;
@@ -175,7 +180,7 @@ bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
        buf[0] &= ~mask;
        if (bottom) /* set bottom bit if requested */
                buf[bytes - 1] |= 1;
-        if (!BN_bin2bn(buf, bytes, rnd))
+        if (BN_bin2bn(buf, bytes, rnd) == NULL)
                goto err;
        ret = 1;
author	jsing <>	2015-02-19 06:10:29 +0000
committer	jsing <>	2015-02-19 06:10:29 +0000
commit	b48cf8cc3375610db39211d1da5904ff311d75d8 (patch)
tree	a2bee07c521bf3d450b8d9880388795bf6bb56c2
parent	8ad720213befab5b57cf61e74b30f2150bee6153 (diff)
download	openbsd-b48cf8cc3375610db39211d1da5904ff311d75d8.tar.gz openbsd-b48cf8cc3375610db39211d1da5904ff311d75d8.tar.bz2 openbsd-b48cf8cc3375610db39211d1da5904ff311d75d8.zip