Hello All, In reviewing code in directory 'engines/ccgost', file 'gost2001.c', there are two calls to BN_new() which are not checked for a return value of NULL, indicating failure.
The patch file below should address/correct this issue:
--- gost2001.c.orig 2016-03-06 11:32:49.676178425 -0800
+++ gost2001.c 2016-03-06 11:38:04.604204158 -0800
@@ -434,6 +434,10 @@
int gost2001_keygen(EC_KEY *ec)
{
BIGNUM *order = BN_new(), *d = BN_new();
+ if (!order || !d) {
+ GOSTerr(GOST_F_GOST2001_KEYGEN, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
const EC_GROUP *group = EC_KEY_get0_group(ec);
if(!group || !EC_GROUP_get_order(group, order, NULL)) {
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4386
Please log in as guest with password guest if prompted
gost2001.c.patch
Description: Binary data
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
