Add missing return value checks

The function DH_check_pub_key() was missing some return value checks in some calls to BN functions. RT#4278 Reviewed-by: N Andy Polyakov <appro@openssl.org>

Add missing return value checks
The function DH_check_pub_key() was missing some return value checks in some calls to BN functions. RT#4278 Reviewed-by: N Andy Polyakov <appro@openssl.org>
f5a12207 · Matt Caswell · cb389fe8 · f5a12207
隐藏空白更改
内联并排

Showing with 3 addition and 4 deletion

crypto/dh/dh_check.c crypto/dh/dh_check.c +3 -4

未找到文件。
--- a/crypto/dh/dh_check.c
+++ b/crypto/dh/dh_check.c
@@ -151,13 +151,12 @@ int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
        goto err;
    BN_CTX_start(ctx);
    tmp = BN_CTX_get(ctx);
-    if (tmp == NULL)
+    if (tmp == NULL || !BN_set_word(tmp, 1))
        goto err;
-    BN_set_word(tmp, 1);
    if (BN_cmp(pub_key, tmp) <= 0)
        *ret |= DH_CHECK_PUBKEY_TOO_SMALL;
-    BN_copy(tmp, dh->p);
-    BN_sub_word(tmp, 1);
+    if (BN_copy(tmp, dh->p) == NULL || !BN_sub_word(tmp, 1))
+        goto err;
    if (BN_cmp(pub_key, tmp) >= 0)
        *ret |= DH_CHECK_PUBKEY_TOO_LARGE;