From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Date: Fri, 1 Jul 2022 08:23:58 +0000 (+0800)
Subject: ssl/tls_srp.c: Add check for BN_dup
X-Git-Tag: openssl-3.2.0-alpha1~2419
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=12e488367d34657a5c0e1bc322e66c48463d2a0c;p=thirdparty%2Fopenssl.git

ssl/tls_srp.c: Add check for BN_dup

As the potential failure of the BN_dup,
it should be better to check the return value
in order to guarantee the success.

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/18699)
---

diff --git a/ssl/tls_srp.c b/ssl/tls_srp.c
index e69ddfe9d58..a4ec363cfba 100644
--- a/ssl/tls_srp.c
+++ b/ssl/tls_srp.c
@@ -238,7 +238,7 @@ int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass,
     BN_clear_free(s->srp_ctx.s);
     s->srp_ctx.s = NULL;
     if (!SRP_create_verifier_BN_ex(user, pass, &s->srp_ctx.s, &s->srp_ctx.v,
-                                   GN->N, GN->g, s->ctx->libctx,
+                                   s->srp_ctx.N, s->srp_ctx.g, s->ctx->libctx,
                                    s->ctx->propq))
         return -1;