Always check bn_wexpend() return values for failure (CVE-2009-3245).

(The CHANGES entry covers the change from PR #2111 as well, submitted by
Martin Olsson.)

Submitted by: Neel Mehta
Bodo Möller
2010-02-23 10:36:30 +00:00
parent 32567c9f3b
commit 7fe747d1eb
4 changed files with 9 additions and 8 deletions


@@ -935,7 +935,7 @@ static int ubsec_dh_generate_key(DH *dh)
priv_key = BN_new();
if (priv_key == NULL) goto err;
priv_key_len = BN_num_bits(dh->p);
bn_wexpand(priv_key, dh->p->top);
if(bn_wexpand(priv_key, dh->p->top) == NULL) goto err;
do
if (!BN_rand_range(priv_key, dh->p)) goto err;
while (BN_is_zero(priv_key));
@@ -950,7 +950,7 @@ static int ubsec_dh_generate_key(DH *dh)
{
pub_key = BN_new();
pub_key_len = BN_num_bits(dh->p);
bn_wexpand(pub_key, dh->p->top);
if(bn_wexpand(pub_key, dh->p->top) == NULL) goto err;
if(pub_key == NULL) goto err;
}
else
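Review bot: In the second hunk the new `if(bn_wexpand(pub_key, dh->p->top) == NULL) goto err;` still runs before `if(pub_key == NULL) goto err;`, so a failed `BN_new()` passes a NULL pointer to bn_wexpand, which reads the BIGNUM's fields, before the NULL test is reached. The allocation-failure path this commit hardens can therefore still end in a NULL dereference rather than a clean `goto err`. Reorder the two lines so the block reads `pub_key = BN_new();` then `if(pub_key == NULL) goto err;` and only then the bn_wexpand check, which matches the order the first hunk already uses for priv_key. The body of ubsec_dh_generate_key continues outside both hunks, so the cleanup at `err` was not visible for review.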