drbg_lib: avoid NULL pointer dereference in drbg_add
authorDr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Sun, 28 Oct 2018 12:46:35 +0000 (13:46 +0100)
committerDr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Sun, 28 Oct 2018 18:19:17 +0000 (19:19 +0100)
Found by Coverity Scan

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7511)

crypto/rand/drbg_lib.c

index ec4aa69..796ab67 100644 (file)
@@ -1086,7 +1086,7 @@ static int drbg_add(const void *buf, int num, double randomness)
     int ret = 0;
     RAND_DRBG *drbg = RAND_DRBG_get0_master();
     size_t buflen;
-    size_t seedlen = rand_drbg_seedlen(drbg);
+    size_t seedlen;
 
     if (drbg == NULL)
         return 0;
@@ -1094,6 +1094,8 @@ static int drbg_add(const void *buf, int num, double randomness)
     if (num < 0 || randomness < 0.0)
         return 0;
 
+    seedlen = rand_drbg_seedlen(drbg);
+
     buflen = (size_t)num;
 
     if (buflen < seedlen || randomness < (double) seedlen) {