From ac882374a595ba31a04f374f227755c938a7b4c2 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Thu, 1 Oct 2020 09:35:58 +0300 Subject: [PATCH] SAE: Fix error path handling for SSWU crypto_bignum_init_set() might fail in case of memory allocation failures. These two cases within sswu() did not handle that properly, i.e., a memory allocation failure could have resulted in dereferencing a NULL pointer. Check the return value before proceeding to fix this. Fixes: aeb022f8e51e ("SAE: Implement hash-to-element PT/PWE crypto routines") Signed-off-by: Jouni Malinen --- src/common/sae.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/common/sae.c b/src/common/sae.c index 72b5f3fab..057e1ce3b 100644 --- a/src/common/sae.c +++ b/src/common/sae.c @@ -713,6 +713,8 @@ static struct crypto_ec_point * sswu(struct crypto_ec *ec, int group, goto fail; const_time_select_bin(m_is_zero, bin1, bin2, prime_len, bin); x1 = crypto_bignum_init_set(bin, prime_len); + if (!x1) + goto fail; debug_print_bignum("SSWU: x1 = CSEL(l, x1a, x1b)", x1, prime_len); /* gx1 = x1^3 + a * x1 + b */ @@ -753,6 +755,8 @@ static struct crypto_ec_point * sswu(struct crypto_ec *ec, int group, goto fail; const_time_select_bin(is_qr, bin1, bin2, prime_len, bin); v = crypto_bignum_init_set(bin, prime_len); + if (!v) + goto fail; debug_print_bignum("SSWU: v = CSEL(l, gx1, gx2)", v, prime_len); /* x = CSEL(l, x1, x2) */