From d43868803f4819bd2369eda390f010284b476c3f Mon Sep 17 00:00:00 2001
From: rpointel <>
Date: Mon, 20 Jul 2015 18:23:52 +0000
Subject: check the sigbuf value before using it. ok miod@ (thanks).

---
 src/usr.bin/openssl/dgst.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/usr.bin/openssl/dgst.c b/src/usr.bin/openssl/dgst.c
index 655b2083d0..c9ac057d01 100644
--- a/src/usr.bin/openssl/dgst.c
+++ b/src/usr.bin/openssl/dgst.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dgst.c,v 1.2 2015/07/20 17:10:45 doug Exp $ */
+/* $OpenBSD: dgst.c,v 1.3 2015/07/20 18:23:52 rpointel Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -393,9 +393,14 @@ mac_end:
 
 	if (sigfile && sigkey) {
 		BIO *sigbio;
-		sigbio = BIO_new_file(sigfile, "rb");
 		siglen = EVP_PKEY_size(sigkey);
 		sigbuf = malloc(siglen);
+		if (sigbuf == NULL) {
+			BIO_printf(bio_err, "out of memory\n");
+			ERR_print_errors(bio_err);
+			goto end;
+		}
+		sigbio = BIO_new_file(sigfile, "rb");
 		if (!sigbio) {
 			BIO_printf(bio_err, "Error opening signature file %s\n",
 			    sigfile);
-- 
cgit v1.2.3-55-g6feb