From d70323f1c5fcc8845a2edf48b49178526b7b0305 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Wed, 17 Jun 2009 11:25:42 +0000
Subject: [PATCH 1/1] Submitted by: Peter Gutmann <pgut001@cs.auckland.ac.nz>
 Approved by: steve@openssl.org

Check return values for NULL in case of malloc failure.
---
 crypto/bn/bn_div.c | 3 ++-
 crypto/bn/bn_exp.c | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/crypto/bn/bn_div.c b/crypto/bn/bn_div.c
index 6db472f8c3..899d07ca24 100644
--- a/crypto/bn/bn_div.c
+++ b/crypto/bn/bn_div.c
@@ -229,7 +229,8 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
 	if (dv == NULL)
 		res=BN_CTX_get(ctx);
 	else	res=dv;
-	if (sdiv == NULL || res == NULL) goto err;
+	if (sdiv == NULL || res == NULL || tmp == NULL || snum == NULL)
+		goto err;
 
 	/* First we normalise the numbers */
 	norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2);
diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c
index 70a33f0d93..d9b6c737fc 100644
--- a/crypto/bn/bn_exp.c
+++ b/crypto/bn/bn_exp.c
@@ -134,7 +134,8 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
 		rr = BN_CTX_get(ctx);
 	else
 		rr = r;
-	if ((v = BN_CTX_get(ctx)) == NULL) goto err;
+	v = BN_CTX_get(ctx);
+	if (rr == NULL || v == NULL) goto err;
 
 	if (BN_copy(v,a) == NULL) goto err;
 	bits=BN_num_bits(p);
-- 
2.34.1