Fix coverity issues, CID 471315 and 356192

471315, EC_POINTS_new: Reads target of a freed pointer 356192, pkey_dh_derive: Out-of-bounds access to a buffer
dongbeiouba · Jul 12, 2024 · 2a0984f · 2a0984f
1 parent 8bfdb8b
commit 2a0984f
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 2 deletions.
diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c
@@ -432,7 +432,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
     else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) {
 
         unsigned char *Z = NULL;
-        size_t Zlen = 0;
+        int Zlen = 0;
         if (!dctx->kdf_outlen || !dctx->kdf_oid)
             return 0;
         if (key == NULL) {

diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
@@ -795,8 +795,10 @@ EC_POINTS *EC_POINTS_new(const EC_GROUP *group, int count)
 
     for (i = 0; i < count; i++) {
         point = EC_POINT_new(group);
-        if (point == NULL)
+        if (point == NULL) {
             EC_POINTS_free(ret);
+            return NULL;
+        }
 
         ret->items[i] = point;
     }