From 3a7fef712ff3b788a0da6afb3334dcb656b65b8b Mon Sep 17 00:00:00 2001
From: guenther <>
Date: Tue, 11 Nov 2014 06:23:43 +0000
Subject: Don't free garbage in ec_wNAF_mul() if wNAF could be allocated but
 other allocations in the same block couldn't.

problem pointed out by David Ramos on the openssl-dev list
ok miod@ doug@
---
 src/lib/libcrypto/ec/ec_mult.c         | 16 +++++++++++-----
 src/lib/libssl/src/crypto/ec/ec_mult.c | 16 +++++++++++-----
 2 files changed, 22 insertions(+), 10 deletions(-)

diff --git a/src/lib/libcrypto/ec/ec_mult.c b/src/lib/libcrypto/ec/ec_mult.c
index 4e49ce4f7b..3dc17bc409 100644
--- a/src/lib/libcrypto/ec/ec_mult.c
+++ b/src/lib/libcrypto/ec/ec_mult.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_mult.c,v 1.14 2014/07/12 16:03:37 miod Exp $ */
+/* $OpenBSD: ec_mult.c,v 1.15 2014/11/11 06:23:43 guenther Exp $ */
 /*
  * Originally written by Bodo Moeller and Nils Larsch for the OpenSSL project.
  */
@@ -425,17 +425,23 @@ ec_wNAF_mul(const EC_GROUP * group, EC_POINT * r, const BIGNUM * scalar,
 	}
 	totalnum = num + numblocks;
 
-	wsize = reallocarray(NULL, totalnum, sizeof wsize[0]);
-	wNAF_len = reallocarray(NULL, totalnum, sizeof wNAF_len[0]);
 	/* includes space for pivot */
 	wNAF = reallocarray(NULL, (totalnum + 1), sizeof wNAF[0]);
+	if (wNAF == NULL) {
+		ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
+		goto err;
+	}
+
+	wNAF[0] = NULL;		/* preliminary pivot */
+
+	wsize = reallocarray(NULL, totalnum, sizeof wsize[0]);
+	wNAF_len = reallocarray(NULL, totalnum, sizeof wNAF_len[0]);
 	val_sub = reallocarray(NULL, totalnum, sizeof val_sub[0]);
 
-	if (!wsize || !wNAF_len || !wNAF || !val_sub) {
+	if (wsize == NULL || wNAF_len == NULL || val_sub == NULL) {
 		ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
-	wNAF[0] = NULL;		/* preliminary pivot */
 
 	/* num_val will be the total number of temporarily precomputed points */
 	num_val = 0;
diff --git a/src/lib/libssl/src/crypto/ec/ec_mult.c b/src/lib/libssl/src/crypto/ec/ec_mult.c
index 4e49ce4f7b..3dc17bc409 100644
--- a/src/lib/libssl/src/crypto/ec/ec_mult.c
+++ b/src/lib/libssl/src/crypto/ec/ec_mult.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_mult.c,v 1.14 2014/07/12 16:03:37 miod Exp $ */
+/* $OpenBSD: ec_mult.c,v 1.15 2014/11/11 06:23:43 guenther Exp $ */
 /*
  * Originally written by Bodo Moeller and Nils Larsch for the OpenSSL project.
  */
@@ -425,17 +425,23 @@ ec_wNAF_mul(const EC_GROUP * group, EC_POINT * r, const BIGNUM * scalar,
 	}
 	totalnum = num + numblocks;
 
-	wsize = reallocarray(NULL, totalnum, sizeof wsize[0]);
-	wNAF_len = reallocarray(NULL, totalnum, sizeof wNAF_len[0]);
 	/* includes space for pivot */
 	wNAF = reallocarray(NULL, (totalnum + 1), sizeof wNAF[0]);
+	if (wNAF == NULL) {
+		ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
+		goto err;
+	}
+
+	wNAF[0] = NULL;		/* preliminary pivot */
+
+	wsize = reallocarray(NULL, totalnum, sizeof wsize[0]);
+	wNAF_len = reallocarray(NULL, totalnum, sizeof wNAF_len[0]);
 	val_sub = reallocarray(NULL, totalnum, sizeof val_sub[0]);
 
-	if (!wsize || !wNAF_len || !wNAF || !val_sub) {
+	if (wsize == NULL || wNAF_len == NULL || val_sub == NULL) {
 		ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
-	wNAF[0] = NULL;		/* preliminary pivot */
 
 	/* num_val will be the total number of temporarily precomputed points */
 	num_val = 0;
-- 
cgit v1.2.3-55-g6feb