Fix memory leak in BN_rand_range()
author valdaarhun <icegambit91@gmail.com>
Wed, 10 Aug 2022 19:18:05 +0000 (00:48 +0530)
committer Tomas Mraz <tomas@openssl.org>
Wed, 17 Aug 2022 16:42:58 +0000 (18:42 +0200)
The patch enables BN_rand_range() to exit immediately
if BIGNUM *rnd is NULL.

CLA: trivial

Fixes: #18951
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18982)

(cherry picked from commit 70f589ae41928edda18470ba1c3df82af02a92b3)

crypto/bn/bn_rand.c

index 1b495969906fc5d16263f351ab5217b76a5a569f..fd17e7a6011411ab2500a790be29295d29a2f8a1 100644 (file)
@@ -136,6 +136,11 @@ static int bnrand_range(BNRAND_FLAG flag, BIGNUM *r, const BIGNUM *range,
     int n;
     int count = 100;
 
+    if (r == NULL) {
+        ERR_raise(ERR_LIB_BN, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
     if (range->neg || BN_is_zero(range)) {
         ERR_raise(ERR_LIB_BN, BN_R_INVALID_RANGE);
         return 0;
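
Review bot: The new guard at the top of bnrand_range() covers only r, while the next statement dereferences range (`range->neg`) with no NULL check of its own. Consider widening the condition to `if (r == NULL || range == NULL)` so both pointer arguments are rejected with ERR_R_PASSED_NULL_PARAMETER before any use. The commit message also calls the parameter rnd while the hunk names it r, and it does not say how a NULL r produces the leak named in the subject line; a sentence on which allocation was left unfreed would make the fix easier to audit.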