Hello All,

In reviewing code in directory 'apps', file 'prime.c', there is a call to BN_new() which is not checked for a return value of NULL, indicating failure. The patch file below should address/correct this issue:
--- prime.c.orig 2016-03-08 16:13:24.841500061 -0800 +++ prime.c 2016-03-08 16:15:33.587863062 -0800 @@ -122,6 +122,10 @@ goto end; } bn = BN_new(); + if (bn == NULL) { + BIO_printf(bio_err, "Out of memory\n"); + goto end; + } BN_generate_prime_ex(bn, bits, safe, NULL, NULL, NULL); s = hex ? BN_bn2hex(bn) : BN_bn2dec(bn); BIO_printf(bio_out, "%s\n", s); ======================================================================= Bill Parker (wp02855 at gmail dot com) -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4402 Please log in as guest with password guest if prompted
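Review bot: The unchanged lines directly after the new NULL check still ignore failures, so the hunk hardens only one of three calls that can fail here. `BN_generate_prime_ex(bn, bits, safe, NULL, NULL, NULL);` returns 0 on error and its result is discarded, and `s` from `BN_bn2hex(bn)` / `BN_bn2dec(bn)` can be NULL (allocation failure) yet is passed straight to `BIO_printf(bio_out, "%s\n", s)`. Suggest extending the patch to test both, for example `if (!BN_generate_prime_ex(...)) { ...; goto end; }` and `if (s == NULL) { ...; goto end; }`. For the added branch itself, consider reporting the library's own error queue with ERR_print_errors(bio_err) rather than a hard-coded "Out of memory" string, so the message reflects the failure OpenSSL actually recorded.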
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev