Hello All,

In reviewing code in directory 'apps', file 'prime.c', there is a call to BN_new() which is not checked for a return value of NULL, indicating failure. The patch file below should address/correct this issue:
--- prime.c.orig 2016-03-08 16:13:24.841500061 -0800
+++ prime.c 2016-03-08 16:15:33.587863062 -0800
@@ -122,6 +122,10 @@
goto end;
}
bn = BN_new();
+ if (bn == NULL) {
+ BIO_printf(bio_err, "Out of memory\n");
+ goto end;
+ }
BN_generate_prime_ex(bn, bits, safe, NULL, NULL, NULL);
s = hex ? BN_bn2hex(bn) : BN_bn2dec(bn);
BIO_printf(bio_out, "%s\n", s);
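Review bot: The unchanged lines right after the new NULL check still ignore failure in the same way, so the fix is incomplete for this code path. The return value of BN_generate_prime_ex(bn, bits, safe, NULL, NULL, NULL) is discarded, and s from BN_bn2hex(bn) / BN_bn2dec(bn) is passed to BIO_printf(bio_out, "%s\n", s) without a NULL test. Both can fail under the same low-memory condition this patch is guarding against. Suggest testing the BN_generate_prime_ex() result (it returns 0 on error) and checking s == NULL before printing, each with a message to bio_err and a goto end, matching the style of the added block. It is also worth confirming that the end label tolerates bn being NULL, since the new goto reaches it with bn unset.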
=======================================================================
Bill Parker (wp02855 at gmail dot com)
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4402
Please log in as guest with password guest if prompted
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
