On Tue, Nov 08, 2022 at 11:06:43AM -0700, Todd C. Miller wrote:
> On Tue, 08 Nov 2022 18:33:48 +0100, Tobias Heider wrote:
>
> > If ain == NULL then a points to newly malloced memory which should be
> > freed when BN_bin2bn() fails.
>
> We don't have an "ain" function argument in LibreSSL so you will
> need a larger diff. Perhaps something like this (untested).
>
> - todd
huh right, mixed them up. Updated diff looks ok to me.
>
> Index: lib/libcrypto/bn/bn_mpi.c
> ===================================================================
> RCS file: /cvs/src/lib/libcrypto/bn/bn_mpi.c,v
> retrieving revision 1.8
> diff -u -p -u -r1.8 bn_mpi.c
> --- lib/libcrypto/bn/bn_mpi.c 29 Jan 2017 17:49:22 -0000 1.8
> +++ lib/libcrypto/bn/bn_mpi.c 8 Nov 2022 18:03:36 -0000
> @@ -92,8 +92,9 @@ BN_bn2mpi(const BIGNUM *a, unsigned char
> }
>
> BIGNUM *
> -BN_mpi2bn(const unsigned char *d, int n, BIGNUM *a)
> +BN_mpi2bn(const unsigned char *d, int n, BIGNUM *ain)
> {
> + BIGNUM *a = ain;
> long len;
> int neg = 0;
>
> @@ -121,8 +122,11 @@ BN_mpi2bn(const unsigned char *d, int n,
> d += 4;
> if ((*d) & 0x80)
> neg = 1;
> - if (BN_bin2bn(d, (int)len, a) == NULL)
> + if (BN_bin2bn(d, (int)len, a) == NULL) {
> + if (ain == NULL)
> + BN_free(a);
> return (NULL);
> + }
> a->neg = neg;
> if (neg) {
> BN_clear_bit(a, BN_num_bits(a) - 1);
>
