wolfSSL / wolfssl

The wolfSSL library is a small, fast, portable implementation of TLS/SSL for embedded devices to the cloud. wolfSSL supports up to TLS 1.3 and DTLS 1.3!
https://www.wolfssl.com
GNU General Public License v2.0

Missing check on mp_init_multi #2045

Closed ManSoSec closed 5 years ago

ManSoSec commented 5 years ago

I noticed a check is missing here:

https://github.com/wolfSSL/wolfssl/blob/master/wolfcrypt/src/ecc.c#L3831

err = mp_init_multi(pub->x, pub->y, pub->z, NULL, NULL, NULL);

While it is done here: https://github.com/wolfSSL/wolfssl/blob/master/wolfcrypt/src/ecc.c#L5650

err = mp_init_multi(point->x, point->y, point->z, NULL, NULL, NULL);
#endif
    if (err != MP_OKAY)
        return MEMORY_E;

I wonder if it could cause an issue. Thanks!

ejohnstown commented 5 years ago

The err return value is checked. This function does a chain of if (err == MP_OKAY) and will skip to near the end to clean up any allocated memory if that initialization fails.
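The chained `if (err == MP_OKAY)` style described in the reply, as an added example that is not part of the original thread and is not wolfSSL code. `demo_init_multi`, `demo_step`, `make_pub_chained`, `run_case` and the `MEMORY_E` value are hypothetical stand-ins; the sketch shows that a failed init skips every later step, still reaches the cleanup, and returns the error.

```c
#include <stdio.h>
#include <stdlib.h>

#define MP_OKAY   0
#define MEMORY_E (-1)      /* constructed value for this sketch */

static int fail_init;      /* test knob: force the init step to fail */
static int steps_run;      /* later steps that actually executed */
static int live_allocs;    /* allocations not yet released */

/* Hypothetical stand-ins for a multi-value init and the math that follows. */
static int demo_init_multi(void) { return fail_init ? MEMORY_E : MP_OKAY; }
static int demo_step(void)       { steps_run++; return MP_OKAY; }

/* Chained style: no early return after init, every step is gated on err. */
int make_pub_chained(void)
{
    int   err;
    void *tmp = malloc(64);    /* scratch buffer acquired before the init */

    if (tmp == NULL)
        return MEMORY_E;       /* nothing acquired yet, early return is safe */
    live_allocs++;

    err = demo_init_multi();   /* result is not tested on this line */
    if (err == MP_OKAY)
        err = demo_step();     /* skipped when init failed */
    if (err == MP_OKAY)
        err = demo_step();     /* skipped when init failed */

    free(tmp);                 /* single cleanup point, reached on every path */
    live_allocs--;
    return err;                /* the init failure is still reported */
}

/* Reset the counters, run once, and report what happened. */
int run_case(int make_init_fail, int *steps, int *leaks)
{
    int err;
    fail_init = make_init_fail; steps_run = 0; live_allocs = 0;
    err = make_pub_chained();
    *steps = steps_run;
    *leaks = live_allocs;
    return err;
}

int main(void)
{
    int s, l, e = run_case(1, &s, &l);
    printf("init fails: err=%d steps=%d leaks=%d\n", e, s, l);
    return 0;
}
```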