From: Pauli <pauli@openssl.org>
Date: Fri, 17 Jun 2022 01:02:36 +0000 (+1000)
Subject: Coverity: fix 1506298: negative returns
X-Git-Tag: openssl-3.2.0-alpha1~2451
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=be54ad88a67d2fba3b4fd51bef0fe7db0c01b99a;p=thirdparty%2Fopenssl.git

Coverity: fix 1506298: negative returns

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18587)
---

diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
index 6ec582f5f38..8430872a9ab 100644
--- a/crypto/dh/dh_ameth.c
+++ b/crypto/dh/dh_ameth.c
@@ -207,6 +207,11 @@ static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
 
     ASN1_STRING_clear_free(prkey);
 
+    if (dplen <= 0) {
+        ERR_raise(ERR_LIB_DH, DH_R_BN_ERROR);
+        goto err;
+    }
+
     if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(pkey->ameth->pkey_id), 0,
                          V_ASN1_SEQUENCE, params, dp, dplen)) {
         OPENSSL_clear_free(dp, dplen);