From 7a217076d902d1717d1ab9b851c6c5ad6d7a444c Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 22 Aug 2012 22:42:04 +0000 Subject: [PATCH] PR: 2786 Reported by: Tomas Mraz Treat a NULL value passed to drbg_free_entropy callback as non-op. This can happen if the call to fips_get_entropy fails. --- crypto/rand/rand_lib.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index daf1dab973..476a0cd187 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -210,8 +210,11 @@ static size_t drbg_get_entropy(DRBG_CTX *ctx, unsigned char **pout, static void drbg_free_entropy(DRBG_CTX *ctx, unsigned char *out, size_t olen) { - OPENSSL_cleanse(out, olen); - OPENSSL_free(out); + if (out) + { + OPENSSL_cleanse(out, olen); + OPENSSL_free(out); + } } /* Set "additional input" when generating random data. This uses the -- 2.40.0