On Tue, Nov 08, 2022 at 11:06:43AM -0700, Todd C. Miller wrote: > On Tue, 08 Nov 2022 18:33:48 +0100, Tobias Heider wrote: > > > If ain == NULL then a points to newly malloced memory which should be > > freed when BN_bin2bn() fails. > > We don't have an "ain" function argument in LibreSSL so you will > need a larger diff. Perhaps something like this (untested). > > - todd
huh right, mixed them up. Updated diff looks ok to me. > > Index: lib/libcrypto/bn/bn_mpi.c > =================================================================== > RCS file: /cvs/src/lib/libcrypto/bn/bn_mpi.c,v > retrieving revision 1.8 > diff -u -p -u -r1.8 bn_mpi.c > --- lib/libcrypto/bn/bn_mpi.c 29 Jan 2017 17:49:22 -0000 1.8 > +++ lib/libcrypto/bn/bn_mpi.c 8 Nov 2022 18:03:36 -0000 > @@ -92,8 +92,9 @@ BN_bn2mpi(const BIGNUM *a, unsigned char > } > > BIGNUM * > -BN_mpi2bn(const unsigned char *d, int n, BIGNUM *a) > +BN_mpi2bn(const unsigned char *d, int n, BIGNUM *ain) > { > + BIGNUM *a = ain; > long len; > int neg = 0; > > @@ -121,8 +122,11 @@ BN_mpi2bn(const unsigned char *d, int n, > d += 4; > if ((*d) & 0x80) > neg = 1; > - if (BN_bin2bn(d, (int)len, a) == NULL) > + if (BN_bin2bn(d, (int)len, a) == NULL) { > + if (ain == NULL) > + BN_free(a); > return (NULL); > + } > a->neg = neg; > if (neg) { > BN_clear_bit(a, BN_num_bits(a) - 1); >