openssl: avoid NULL pointer dereference in dh_pub_encode()/dsa_pub_encode() We should avoid accessing the pointer if ASN1_STRING_new() allocates memory failed. Upstream-Status: Submitted http://www.mail-archive.com/openssl-dev@openssl.org/msg32859.html Signed-off-by: Xufeng Zhang --- --- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -139,6 +139,12 @@ dh=pkey->pkey.dh; str = ASN1_STRING_new(); + if (!str) + { + DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE); + goto err; + } + str->length = i2d_DHparams(dh, &str->data); if (str->length <= 0) { --- a/crypto/dsa/dsa_ameth.c +++ b/crypto/dsa/dsa_ameth.c @@ -148,6 +148,11 @@ { ASN1_STRING *str; str = ASN1_STRING_new(); + if (!str) + { + DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE); + goto err; + } str->length = i2d_DSAparams(dsa, &str->data); if (str->length <= 0) {