diff options
author | Benjamin Kaduk <bkaduk@akamai.com> | 2017-10-12 12:12:10 -0500 |
---|---|---|
committer | Benjamin Kaduk <bkaduk@akamai.com> | 2017-10-12 12:21:28 -0500 |
commit | 8abeefeccc4cfbfba9b5ebfc7604fe257a97317a (patch) | |
tree | 85c0f935d6a9ee5419e5411758c4b4b56c664021 | |
parent | 141e470947327e0c4e8ef3c299b42d01064c484c (diff) | |
download | openssl-8abeefeccc4cfbfba9b5ebfc7604fe257a97317a.tar.gz |
Fix memory leak in DH_get_nid()
If q is non-NULL but p is indeed a safe prime, a modified copy
of p could be leaked.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4525)
-rw-r--r-- | crypto/dh/dh_rfc7919.c | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/crypto/dh/dh_rfc7919.c b/crypto/dh/dh_rfc7919.c index d01ba6fdf3..a54b468e55 100644 --- a/crypto/dh/dh_rfc7919.c +++ b/crypto/dh/dh_rfc7919.c @@ -66,10 +66,9 @@ int DH_get_nid(const DH *dh) BIGNUM *q = BN_dup(dh->p); /* Check q = p * 2 + 1 we already know q is odd, so just shift right */ - if (q == NULL || !BN_rshift1(q, q) || !BN_cmp(dh->q, q)) { - BN_free(q); - return NID_undef; - } + if (q == NULL || !BN_rshift1(q, q) || !BN_cmp(dh->q, q)) + nid = NID_undef; + BN_free(q); } return nid; } |