Fix memory leak on error in BN_mpi2bn.
See also upstream's 91fb42ddbef7a88640d1a0f853c941c20df07de7, though that has a bug if |out| was non-NULL on entry. (I'll send them a patch.) Change-Id: I807f23007b89063c23e02dac11c4ffb41f847fdf Reviewed-on: https://boringssl-review.googlesource.com/7810 Reviewed-by: David Benjamin <davidben@google.com>
This commit is contained in:
parent
6f621bd8f7
commit
3bb5a77205
@ -577,13 +577,15 @@ BIGNUM *BN_mpi2bn(const uint8_t *in, size_t len, BIGNUM *out) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
int out_is_alloced = 0;
|
||||
if (out == NULL) {
|
||||
out = BN_new();
|
||||
}
|
||||
if (out == NULL) {
|
||||
OPENSSL_PUT_ERROR(BN, ERR_R_MALLOC_FAILURE);
|
||||
return NULL;
|
||||
}
|
||||
out_is_alloced = 1;
|
||||
}
|
||||
|
||||
if (in_len == 0) {
|
||||
BN_zero(out);
|
||||
@ -592,6 +594,9 @@ BIGNUM *BN_mpi2bn(const uint8_t *in, size_t len, BIGNUM *out) {
|
||||
|
||||
in += 4;
|
||||
if (BN_bin2bn(in, in_len, out) == NULL) {
|
||||
if (out_is_alloced) {
|
||||
BN_free(out);
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
out->neg = ((*in) & 0x80) != 0;
|
||||
|
Loading…
Reference in New Issue
Block a user