[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Fri Jun 29 03:26:27 UTC 2018

The branch OpenSSL_1_1_0-stable has been updated
       via  c7b9e7be89c987fbf065852d846ac4982a32941b (commit)
      from  e21602857e79becb64eb8cba3673830bd7a304e3 (commit)


- Log -----------------------------------------------------------------
commit c7b9e7be89c987fbf065852d846ac4982a32941b
Author: Pauli <paul.dale at oracle.com>
Date:   Fri Jun 29 09:55:23 2018 +1000

    Check return from BN_set_word.
    In ssl/t1_lib.c.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/6613)
    
    (cherry picked from commit 8eab767a718f44ccba9888eeb81a5328cff47bab)

-----------------------------------------------------------------------

Summary of changes:
 ssl/t1_lib.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 3dddd9c..95711fb 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -4141,13 +4141,16 @@ DH *ssl_get_auto_dh(SSL *s)
         if (dhp == NULL)
             return NULL;
         g = BN_new();
-        if (g != NULL)
-            BN_set_word(g, 2);
+        if (g == NULL || !BN_set_word(g, 2)) {
+            DH_free(dhp);
+            BN_free(g);
+            return NULL;
+        }
         if (dh_secbits >= 192)
             p = BN_get_rfc3526_prime_8192(NULL);
         else
             p = BN_get_rfc3526_prime_3072(NULL);
-        if (p == NULL || g == NULL || !DH_set0_pqg(dhp, p, NULL, g)) {
+        if (p == NULL || !DH_set0_pqg(dhp, p, NULL, g)) {
             DH_free(dhp);
             BN_free(p);
             BN_free(g);
