Fix a missing NULL check in dsa_builtin_paramgen
authorMatt Caswell <matt@openssl.org>
Wed, 14 Sep 2016 12:27:59 +0000 (13:27 +0100)
committerMatt Caswell <matt@openssl.org>
Wed, 21 Sep 2016 12:32:30 +0000 (13:32 +0100)
We should check the last BN_CTX_get() call to ensure that it isn't NULL
before we try and use any of the allocated BIGNUMs.

Issue reported by Shi Lei.

Reviewed-by: Richard Levitte <levitte@openssl.org>
crypto/dsa/dsa_gen.c

index 3dac550..11f422e 100644 (file)
@@ -100,6 +100,9 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
     p = BN_CTX_get(ctx);
     test = BN_CTX_get(ctx);
 
+    if (test == NULL)
+        goto err;
+
     if (!BN_lshift(test, BN_value_one(), bits - 1))
         goto err;