Commit b8f1c116 authored by Matt Caswell's avatar Matt Caswell
Browse files

Don't free the BIGNUM passed to BN_mpi2bn 



Commit 91fb42dd fixed a leak but introduced a problem where a parameter
is erroneously freed instead.

Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
parent 098c1e3d

crypto/bn/bn_mpi.c

+8 −3
Original line number Diff line number Diff line
@@ -87,10 +87,11 @@ int BN_bn2mpi(const BIGNUM *a, unsigned char *d) 
    return (num + 4 + ext);

}



BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *a)

BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *ain)

{

    long len;

    int neg = 0;

    BIGNUM *a = NULL;



    if (n < 4) {

        BNerr(BN_F_BN_MPI2BN, BN_R_INVALID_LENGTH);
@@ -103,8 +104,11 @@ BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *a) 
        return NULL;

    }



    if (a == NULL)

    if (ain == NULL)

        a = BN_new();

    else

        a = ain;



    if (a == NULL)

        return NULL;
@@ -117,6 +121,7 @@ BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *a) 
    if ((*d) & 0x80)

        neg = 1;

    if (BN_bin2bn(d, (int)len, a) == NULL) {

        if (ain == NULL)

            BN_free(a);

        return NULL;

    }