From: valdaarhun <icegambit91@gmail.com>
Date: Wed, 10 Aug 2022 19:18:05 +0000 (+0530)
Subject: Fix memory leak in BN_rand_range()
X-Git-Tag: openssl-3.2.0-alpha1~2273
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=70f589ae41928edda18470ba1c3df82af02a92b3;p=thirdparty%2Fopenssl.git

Fix memory leak in BN_rand_range()

The patch enables BN_rand_range() to exit immediately
if BIGNUM *rnd is NULL.

CLA: trivial

Fixes: #18951

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18982)
---

diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c
index 1b495969906..fd17e7a6011 100644
--- a/crypto/bn/bn_rand.c
+++ b/crypto/bn/bn_rand.c
@@ -136,6 +136,11 @@ static int bnrand_range(BNRAND_FLAG flag, BIGNUM *r, const BIGNUM *range,
     int n;
     int count = 100;
 
+    if (r == NULL) {
+        ERR_raise(ERR_LIB_BN, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
     if (range->neg || BN_is_zero(range)) {
         ERR_raise(ERR_LIB_BN, BN_R_INVALID_RANGE);
         return 0;