Fix a NULL deref in an error path

The SRP_create_verifier_BN function goes to the |err| label if the |salt| value passed to it is NULL. It is then deref'd. Reviewed-by: N Rich Salz <rsalz@openssl.org>

Fix a NULL deref in an error path
The SRP_create_verifier_BN function goes to the |err| label if the |salt| value passed to it is NULL. It is then deref'd. Reviewed-by: N Rich Salz <rsalz@openssl.org>
3bbd1d63 · Matt Caswell · e113c9c5 · 3bbd1d63
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

crypto/srp/srp_vfy.c crypto/srp/srp_vfy.c +1 -1

未找到文件。
--- a/crypto/srp/srp_vfy.c
+++ b/crypto/srp/srp_vfy.c
@@ -644,7 +644,7 @@ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
    *salt = salttmp;

 err:
-    if (*salt != salttmp)
+    if (salt != NULL && *salt != salttmp)
        BN_clear_free(salttmp);
    BN_clear_free(x);
    BN_CTX_free(bn_ctx);