wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

drbg_lib: avoid NULL pointer dereference in drbg_add

Browse source 
Found by Coverity Scan

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7511)
This commit is contained in:
Dr. Matthias St. Pierre 2018-10-28 13:46:35 +01:00
parent 04e3f9a114
commit 59f90557dd
1 changed files with 3 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
crypto/rand/drbg_lib.c
View file

@ -1086,7 +1086,7 @@ static int drbg_add(const void *buf, int num, double randomness)
int ret = 0;
RAND_DRBG *drbg = RAND_DRBG_get0_master();
size_t buflen;
size_t seedlen = rand_drbg_seedlen(drbg);
size_t seedlen;
if (drbg == NULL)
return 0;
@ -1094,6 +1094,8 @@ static int drbg_add(const void *buf, int num, double randomness)
if (num < 0 || randomness < 0.0)
return 0;
seedlen = rand_drbg_seedlen(drbg);
buflen = (size_t)num;
if (buflen < seedlen || randomness < (double) seedlen) {