Fix memory leak in DH_get_nid()
authorBenjamin Kaduk <bkaduk@akamai.com>
Thu, 12 Oct 2017 17:12:10 +0000 (12:12 -0500)
committerBenjamin Kaduk <bkaduk@akamai.com>
Thu, 12 Oct 2017 17:21:28 +0000 (12:21 -0500)
If q is non-NULL but p is indeed a safe prime, a modified copy
of p could be leaked.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4525)

crypto/dh/dh_rfc7919.c

index d01ba6f..a54b468 100644 (file)
@@ -66,10 +66,9 @@ int DH_get_nid(const DH *dh)
         BIGNUM *q = BN_dup(dh->p);
 
         /* Check q = p * 2 + 1 we already know q is odd, so just shift right */
-        if (q == NULL || !BN_rshift1(q, q) || !BN_cmp(dh->q, q)) {
-            BN_free(q);
-            return NID_undef;
-        }
+        if (q == NULL || !BN_rshift1(q, q) || !BN_cmp(dh->q, q))
+            nid = NID_undef;
+        BN_free(q);
     }
     return nid;
 }