Missing Error Check in function BN_new()

[lc3412]

Function BN_new() returns a pointer to the BIGNUM initialised to the value 0. If the allocation fails, it returns NULL and set an error code. However , the return value of function BN_new() in thc-ipv6/thc-ipv6-lib.c is not checked, before passing as an argument to the function BN_set_word(). See the following code:

line: 3209 , 3210

thc-ipv6/thc-ipv6-lib.c

Lines 3203 to 3219 in 011376c

	#if defined(NO_RSA_LEGACY) || OPENSSL_VERSION_NUMBER >= 0x10100000L
	RSA *rsa = RSA_new();
	if (rsa == NULL) {
	free(key);
	return NULL;
	}
	BIGNUM *f4 = BN_new();
	BN_set_word(f4, RSA_F4);
	RSA_generate_key_ex(rsa, key_len, f4, NULL);
	key->rsa = rsa;
	#else
	if ((key->rsa = RSA_generate_key(key_len, 65535, NULL, NULL)) == NULL) {
	free(key);
	return NULL;
	}
	key->len = key_len;
	#endif

We find the return value of this call been checked in openssl project with the version of openssl 1.1.2.
Such as in openssl/crypto folder

Ref : https://github.com/openssl/openssl/blob/0db957dbbcf6a432086ab913378c23636d8c374c/crypto/asn1/a_object.c#L106

106:        bl = BN_new();
107:        if (bl == NULL || !BN_set_word(bl, l))
108:            goto err;

Chi Li, Zuxing Gu, Jiecheng Wu

[vanhauser-thc]

fixed, thanks