CKey::SetSecret BIGNUM leak

In key.h, CKey::SetSecret(const CSecret& vchSecret) there is a potential BIGNUM leak.

Look at the line with if (!EC_KEY_regenerate_key(pkey,bn)). If it fails it throw, but it doesn't BN_clear_free(bn);.

```
    BIGNUM *bn = BN_bin2bn(&vchSecret[0],32,BN_new());
    if (bn == NULL) 
        throw key_error("CKey::SetSecret() : BN_bin2bn failed");
    if (!EC_KEY_regenerate_key(pkey,bn))
        throw key_error("CKey::SetSecret() : EC_KEY_regenerate_key failed");
    BN_clear_free(bn);
```

I'll add that, to be consistent, you should put fSet = false; at the beginning of the function, because you are resetting the pkey and then re-put it at true at the end of the function if everything went ok.


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

CKey::SetSecret BIGNUM leak #650

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

CKey::SetSecret BIGNUM leak #650

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions