drbg_lib: avoid NULL pointer dereference in drbg_add

Found by Coverity Scan Reviewed-by: N Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: N Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7511) (cherry picked from commit 59f90557dd6e35cf72ac72016609d759ac78fcb9)

drbg_lib: avoid NULL pointer dereference in drbg_add
Found by Coverity Scan Reviewed-by: N Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: N Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7511) (cherry picked from commit 59f90557dd6e35cf72ac72016609d759ac78fcb9)
d2953e5e · Dr. Matthias St. Pierre · 54dea92f · d2953e5e
隐藏空白更改
内联并排

Showing with 3 addition and 1 deletion

crypto/rand/drbg_lib.c crypto/rand/drbg_lib.c +3 -1

未找到文件。
--- a/crypto/rand/drbg_lib.c
+++ b/crypto/rand/drbg_lib.c
@@ -1010,7 +1010,7 @@ static int drbg_add(const void *buf, int num, double randomness)
    int ret = 0;
    RAND_DRBG *drbg = RAND_DRBG_get0_master();
    size_t buflen;
-    size_t seedlen = rand_drbg_seedlen(drbg);
+    size_t seedlen;

    if (drbg == NULL)
        return 0;
@@ -1018,6 +1018,8 @@ static int drbg_add(const void *buf, int num, double randomness)
    if (num < 0 || randomness < 0.0)
        return 0;

+    seedlen = rand_drbg_seedlen(drbg);
+
    buflen = (size_t)num;

    if (buflen < seedlen || randomness < (double) seedlen) {