diff options
author | slontis <shane.lontis@oracle.com> | 2022-07-01 13:47:11 +1000 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2022-07-05 08:14:20 +0200 |
commit | 7fe7cc57af3db1e497877f0329ba17609b2efc8b (patch) | |
tree | 55546ba3387b73885c04427ff4db36cd0b554374 /crypto | |
parent | 9ef1f848a646565d4dd86e56542cf921d4921ad9 (diff) | |
download | openssl-new-7fe7cc57af3db1e497877f0329ba17609b2efc8b.tar.gz |
Fix bn_gcd code to check return value when calling BN_one()
BN_one() uses the expand function which calls malloc which may fail.
All other places that reference BN_one() check the return value.
The issue is triggered by a memory allocation failure.
Detected by PR #18355
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18697)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/bn/bn_gcd.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/crypto/bn/bn_gcd.c b/crypto/bn/bn_gcd.c index 6d709811ac..2b42c7df97 100644 --- a/crypto/bn/bn_gcd.c +++ b/crypto/bn/bn_gcd.c @@ -47,7 +47,8 @@ BIGNUM *bn_mod_inverse_no_branch(BIGNUM *in, if (R == NULL) goto err; - BN_one(X); + if (!BN_one(X)) + goto err; BN_zero(Y); if (BN_copy(B, a) == NULL) goto err; @@ -235,7 +236,8 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in, if (R == NULL) goto err; - BN_one(X); + if (!BN_one(X)) + goto err; BN_zero(Y); if (BN_copy(B, a) == NULL) goto err; |