Free a BIGNUM on error in BN_mpi2bn

In the BN_mpi2bn() function, a failure of a call to BN_bin2bn() could result in the leak of a previously allocated BIGNUM value. Reviewed-by: N Richard Levitte <levitte@openssl.org>

Free a BIGNUM on error in BN_mpi2bn
In the BN_mpi2bn() function, a failure of a call to BN_bin2bn() could result in the leak of a previously allocated BIGNUM value. Reviewed-by: N Richard Levitte <levitte@openssl.org>
91fb42dd · Matt Caswell · b0b6ba2d · 91fb42dd
隐藏空白更改
内联并排

Showing with 9 addition and 7 deletion

crypto/bn/bn_mpi.c crypto/bn/bn_mpi.c +9 -7

未找到文件。
--- a/crypto/bn/bn_mpi.c
+++ b/crypto/bn/bn_mpi.c
@@ -94,34 +94,36 @@ BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *a)

    if (n < 4) {
        BNerr(BN_F_BN_MPI2BN, BN_R_INVALID_LENGTH);
-        return (NULL);
+        return NULL;
    }
    len = ((long)d[0] << 24) | ((long)d[1] << 16) | ((int)d[2] << 8) | (int)
        d[3];
    if ((len + 4) != n) {
        BNerr(BN_F_BN_MPI2BN, BN_R_ENCODING_ERROR);
-        return (NULL);
+        return NULL;
    }

    if (a == NULL)
        a = BN_new();
    if (a == NULL)
-        return (NULL);
+        return NULL;

    if (len == 0) {
        a->neg = 0;
        a->top = 0;
-        return (a);
+        return a;
    }
    d += 4;
    if ((*d) & 0x80)
        neg = 1;
-    if (BN_bin2bn(d, (int)len, a) == NULL)
-        return (NULL);
+    if (BN_bin2bn(d, (int)len, a) == NULL) {
+        BN_free(a);
+        return NULL;
+    }
    a->neg = neg;
    if (neg) {
        BN_clear_bit(a, BN_num_bits(a) - 1);
    }
    bn_check_top(a);
-    return (a);
+    return a;
 }