Fix memory leak on error in BN_mpi2bn.

See also upstream's 91fb42ddbef7a88640d1a0f853c941c20df07de7, though that has a
bug if |out| was non-NULL on entry. (I'll send them a patch.)

Change-Id: I807f23007b89063c23e02dac11c4ffb41f847fdf
Reviewed-on: https://boringssl-review.googlesource.com/7810
Reviewed-by: David Benjamin <davidben@google.com>
David Benjamin 2016-04-28 20:28:11 -04:00
parent 6f621bd8f7
commit 3bb5a77205


@ -577,12 +577,14 @@ BIGNUM *BN_mpi2bn(const uint8_t *in, size_t len, BIGNUM *out) {
return NULL; return NULL;
} }
int out_is_alloced = 0;
if (out == NULL) { if (out == NULL) {
out = BN_new(); out = BN_new();
} if (out == NULL) {
if (out == NULL) { OPENSSL_PUT_ERROR(BN, ERR_R_MALLOC_FAILURE);
OPENSSL_PUT_ERROR(BN, ERR_R_MALLOC_FAILURE); return NULL;
return NULL; }
out_is_alloced = 1;
} }
if (in_len == 0) { if (in_len == 0) {
@ -592,6 +594,9 @@ BIGNUM *BN_mpi2bn(const uint8_t *in, size_t len, BIGNUM *out) {
in += 4; in += 4;
if (BN_bin2bn(in, in_len, out) == NULL) { if (BN_bin2bn(in, in_len, out) == NULL) {
if (out_is_alloced) {
BN_free(out);
}
return NULL; return NULL;
} }
out->neg = ((*in) & 0x80) != 0; out->neg = ((*in) & 0x80) != 0;
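Review bot: `out_is_alloced` carries the ownership rule for every error exit but has no comment, and the declaration `int out_is_alloced = 0;` is where a reader will look for it; I would add `/* Non-zero iff |out| was allocated here; only then may an error path free it. */` above it. The `if (out_is_alloced)` guard before `BN_free(out)` is what keeps a caller-supplied |out| from being freed behind the caller's back, which would otherwise set up a double free or use-after-free in the caller. Presumably a caller-supplied |out| can still be left modified when BN_bin2bn fails, so the function's header comment could state that its contents are unspecified on error. BN_mpi2bn begins and ends outside these hunks, so any failure exit added after the `out->neg` line would need the same guard.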