[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

Matt Caswell matt at openssl.org
Wed Sep 21 12:39:39 UTC 2016

The branch OpenSSL_1_0_2-stable has been updated
       via  d0cbaa2f3a36a3359ee979f0262f0ff514630509 (commit)
      from  a5e55f62975c0f978eb348763a1de0cd923f0d77 (commit)

- Log -----------------------------------------------------------------
commit d0cbaa2f3a36a3359ee979f0262f0ff514630509
Author: Matt Caswell <matt at openssl.org>
Date:   Wed Sep 14 13:27:59 2016 +0100

    Fix a missing NULL check in dsa_builtin_paramgen
    We should check the last BN_CTX_get() call to ensure that it isn't NULL
    before we try and use any of the allocated BIGNUMs.
    Issue reported by Shi Lei.
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (cherry picked from commit 1ff7425d6130380bb00d3e64739633a4b21b11a3)


Summary of changes:
 crypto/dsa/dsa_gen.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index f6de684..1fce0f8 100644
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -185,6 +185,9 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
     p = BN_CTX_get(ctx);
     test = BN_CTX_get(ctx);
+    if (test == NULL)
+        goto err;
     if (!BN_lshift(test, BN_value_one(), bits - 1))
         goto err;

More information about the openssl-commits mailing list