The branch master has been updated via 59f90557dd6e35cf72ac72016609d759ac78fcb9 (commit) from 04e3f9a114c2c142356ef1639d68397a72e0c7f8 (commit)
- Log ----------------------------------------------------------------- commit 59f90557dd6e35cf72ac72016609d759ac78fcb9 Author: Dr. Matthias St. Pierre <matthias.st.pie...@ncp-e.com> Date: Sun Oct 28 13:46:35 2018 +0100 drbg_lib: avoid NULL pointer dereference in drbg_add Found by Coverity Scan Reviewed-by: Bernd Edlinger <bernd.edlin...@hotmail.de> Reviewed-by: Richard Levitte <levi...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7511) ----------------------------------------------------------------------- Summary of changes: crypto/rand/drbg_lib.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c
index ec4aa69..796ab67 100644
--- a/crypto/rand/drbg_lib.c
+++ b/crypto/rand/drbg_lib.c
@@ -1086,7 +1086,7 @@ static int drbg_add(const void *buf, int num, double randomness)
 int ret = 0;
 RAND_DRBG *drbg = RAND_DRBG_get0_master();
 size_t buflen;
- size_t seedlen = rand_drbg_seedlen(drbg);
+ size_t seedlen;

 if (drbg == NULL)
 return 0;
@@ -1094,6 +1094,8 @@ static int drbg_add(const void *buf, int num, double randomness)
 if (num < 0 || randomness < 0.0)
 return 0;

+ seedlen = rand_drbg_seedlen(drbg);
+
 buflen = (size_t)num;

 if (buflen < seedlen || randomness < (double) seedlen) {
_____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
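Review bot: The guard `if (num < 0 || randomness < 0.0)` at the top of the second hunk does not reject a NaN `randomness`, because every ordered comparison with NaN is false. The same value also fails `randomness < (double) seedlen`, so a NaN entropy estimate would skip the insufficient-entropy branch as if it met the seed-length threshold. Writing the guard as `if (num < 0 || !(randomness >= 0.0)) return 0;` rejects NaN together with negative values and needs no extra header. drbg_add continues past the end of the hunk, so how `randomness` is consumed after that branch is not visible here and should be checked against this case.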