From 177118fc2b1aa04933d03187cd50ae3a4bfdf3d2 Mon Sep 17 00:00:00 2001
From: Rich Salz <rsalz@openssl.org>
Date: Thu, 4 Sep 2014 12:55:31 -0400
Subject: RT2849: Redundant check of "dsa" variable.

In the current code, the check isn't redundant.
And in fact the REAL check was missing.
This avoids a NULL-deref crash.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
---
 fips/dsa/fips_dssvs.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/fips/dsa/fips_dssvs.c b/fips/dsa/fips_dssvs.c
index cee5fb398e..bd7055d463 100644
--- a/fips/dsa/fips_dssvs.c
+++ b/fips/dsa/fips_dssvs.c
@@ -553,6 +553,11 @@ static void keypair(FILE *in, FILE *out)
 	    int n=atoi(value);
 
 	    dsa = FIPS_dsa_new();
+	    if (!dsa)
+		{
+		fprintf(stderr, "DSA allocation error\n");
+		exit(1);
+		}
 	    if (!dsa2 && !dsa_builtin_paramgen(dsa, L, N, NULL, NULL, 0,
 						NULL, NULL, NULL, NULL))
 			{
@@ -579,8 +584,7 @@ static void keypair(FILE *in, FILE *out)
 		do_bn_print_name(out, "Y",dsa->pub_key);
 	    	fputs(RESP_EOL, out);
 		}
-	    if (dsa)
-		FIPS_dsa_free(dsa);
+	    FIPS_dsa_free(dsa);
 	    }
 	}
     }
-- 
cgit v1.2.1