[openssl-commits] [openssl] master update

matthias.st.pierre at ncp-e.com matthias.st.pierre at ncp-e.com
Sun Oct 28 18:20:46 UTC 2018


The branch master has been updated
       via  59f90557dd6e35cf72ac72016609d759ac78fcb9 (commit)
      from  04e3f9a114c2c142356ef1639d68397a72e0c7f8 (commit)


- Log -----------------------------------------------------------------
commit 59f90557dd6e35cf72ac72016609d759ac78fcb9
Author: Dr. Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
Date:   Sun Oct 28 13:46:35 2018 +0100

    drbg_lib: avoid NULL pointer dereference in drbg_add
    
    Found by Coverity Scan
    
    Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/7511)

-----------------------------------------------------------------------

Summary of changes:
 crypto/rand/drbg_lib.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c
index ec4aa69..796ab67 100644
--- a/crypto/rand/drbg_lib.c
+++ b/crypto/rand/drbg_lib.c
@@ -1086,7 +1086,7 @@ static int drbg_add(const void *buf, int num, double randomness)
     int ret = 0;
     RAND_DRBG *drbg = RAND_DRBG_get0_master();
     size_t buflen;
-    size_t seedlen = rand_drbg_seedlen(drbg);
+    size_t seedlen;
 
     if (drbg == NULL)
         return 0;
@@ -1094,6 +1094,8 @@ static int drbg_add(const void *buf, int num, double randomness)
     if (num < 0 || randomness < 0.0)
         return 0;
 
+    seedlen = rand_drbg_seedlen(drbg);
+
     buflen = (size_t)num;
 
     if (buflen < seedlen || randomness < (double) seedlen) {


More information about the openssl-commits mailing list