On Wed, Sep 24, 2014 at 1:04 PM, Mounir IDRASSI <mounir.idra...@idrix.net> wrote: > > The leak comes from the fact that you are passing a NULL "value" > parameter to BN_rand_range. This is unexpected as this is where the > result is supposed to be written. Internally, because of this NULL > pointer, OpenSSL allocate temporary BIGNUM that gets lost (allocated in > the call to BN_bin2bn inside the function bnrand at line 199 of bn_rand.c). > > To avoid this leak, just allocate your "value" variable at the begining > and don't free it inside the loop because its value will be updated by > BN_rand_range. So just add value = BN_new(); at the begining and remove > the if block inside the loop. > Oh, that's interesting. I incorrectly tested for 0 as success (and not 1). And the program did not segfault...
Thanks for the help. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
