[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Matt Caswell matt at openssl.org
Wed Sep 21 12:39:57 UTC 2016

The branch OpenSSL_1_1_0-stable has been updated
       via  6bdd2637daa862706598d04ae2750a920ebee0ae (commit)
      from  cade326432099f60c08a8004ce694eedcd5c500b (commit)

- Log -----------------------------------------------------------------
commit 6bdd2637daa862706598d04ae2750a920ebee0ae
Author: Matt Caswell <matt at openssl.org>
Date:   Wed Sep 14 13:27:59 2016 +0100

    Fix a missing NULL check in dsa_builtin_paramgen
    We should check the last BN_CTX_get() call to ensure that it isn't NULL
    before we try and use any of the allocated BIGNUMs.
    Issue reported by Shi Lei.
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (cherry picked from commit 1ff7425d6130380bb00d3e64739633a4b21b11a3)


Summary of changes:
 crypto/dsa/dsa_gen.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index 3dac550..11f422e 100644
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -100,6 +100,9 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
     p = BN_CTX_get(ctx);
     test = BN_CTX_get(ctx);
+    if (test == NULL)
+        goto err;
     if (!BN_lshift(test, BN_value_one(), bits - 1))
         goto err;

More information about the openssl-commits mailing list