From 19eae8b4a99e2baea5c3959bfefbc394411e347f Mon Sep 17 00:00:00 2001 From: Jeffrey Altman Date: Sat, 15 Jan 2022 23:15:21 -0500 Subject: [PATCH] lib/hcrypto: BN_set_word return false if input 'bn' is NULL If the input 'bn' is NULL then BN_bin2bn() will allocate and return a BIGNUM which will then be leaked. BN_set_word() would then return true even though it didn't set the word into a BIGNUM known to the caller. Change-Id: I6681f548e6bfb330cec009ae7c18e6151016179e --- lib/hcrypto/bn.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/hcrypto/bn.c b/lib/hcrypto/bn.c index 91933c0a2..62297b145 100644 --- a/lib/hcrypto/bn.c +++ b/lib/hcrypto/bn.c @@ -287,6 +287,9 @@ BN_set_word(BIGNUM *bn, unsigned long num) unsigned long num2; int i, len; + if (bn == NULL) + return 0; + for (num2 = num, i = 0; num2 > 0; i++) num2 = num2 >> 8;