Fix memory leak in DH_get_nid()

If q is non-NULL but p is indeed a safe prime, a modified copy of p could be leaked. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4525)
author: Benjamin Kaduk <bkaduk@akamai.com> 2017-10-12 12:12:10 -0500
committer: Benjamin Kaduk <bkaduk@akamai.com> 2017-10-12 12:21:28 -0500
commit: 8abeefeccc4cfbfba9b5ebfc7604fe257a97317a (patch)
tree: 85c0f935d6a9ee5419e5411758c4b4b56c664021
parent: 141e470947327e0c4e8ef3c299b42d01064c484c (diff)
download: openssl-8abeefeccc4cfbfba9b5ebfc7604fe257a97317a.tar.gz
1 files changed, 3 insertions, 4 deletions
diff --git a/crypto/dh/dh_rfc7919.c b/crypto/dh/dh_rfc7919.c
index d01ba6fdf3..a54b468e55 100644
--- a/crypto/dh/dh_rfc7919.c
+++ b/crypto/dh/dh_rfc7919.c
@@ -66,10 +66,9 @@ int DH_get_nid(const DH *dh)
         BIGNUM *q = BN_dup(dh->p);
 
         /* Check q = p * 2 + 1 we already know q is odd, so just shift right */
-        if (q == NULL || !BN_rshift1(q, q) || !BN_cmp(dh->q, q)) {
-            BN_free(q);
-            return NID_undef;
-        }
+        if (q == NULL || !BN_rshift1(q, q) || !BN_cmp(dh->q, q))
+            nid = NID_undef;
+        BN_free(q);
     }
     return nid;
 }
author	Benjamin Kaduk <bkaduk@akamai.com>	2017-10-12 12:12:10 -0500
committer	Benjamin Kaduk <bkaduk@akamai.com>	2017-10-12 12:21:28 -0500
commit	8abeefeccc4cfbfba9b5ebfc7604fe257a97317a (patch)
tree	85c0f935d6a9ee5419e5411758c4b4b56c664021
parent	141e470947327e0c4e8ef3c299b42d01064c484c (diff)
download	openssl-8abeefeccc4cfbfba9b5ebfc7604fe257a97317a.tar.gz