From a47235f4f5af0286aadd43eeccf946a8f35a5dc8 Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Mon, 26 Sep 2022 12:06:44 +1000
Subject: [PATCH] Check BN_dup results in rsa_check

---
 lib/dns/opensslrsa_link.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/lib/dns/opensslrsa_link.c b/lib/dns/opensslrsa_link.c
index 2895ce28ce..bc89ca9a08 100644
--- a/lib/dns/opensslrsa_link.c
+++ b/lib/dns/opensslrsa_link.c
@@ -996,6 +996,9 @@ rsa_check(RSA *rsa, RSA *pub) {
 			}
 		} else {
 			n = BN_dup(n2);
+			if (n == NULL) {
+				return (ISC_R_NOMEMORY);
+			}
 		}
 		if (e1 != NULL) {
 			if (BN_cmp(e1, e2) != 0) {
@@ -1006,6 +1009,12 @@ rsa_check(RSA *rsa, RSA *pub) {
 			}
 		} else {
 			e = BN_dup(e2);
+			if (e == NULL) {
+				if (n != NULL) {
+					BN_free(n);
+				}
+				return (ISC_R_NOMEMORY);
+			}
 		}
 		if (RSA_set0_key(rsa, n, e, NULL) == 0) {
 			if (n != NULL) {