From 9f8eadd28913b5691ed46ec053bdefdbde411b4e Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Mon, 26 Sep 2022 12:06:44 +1000
Subject: [PATCH] Check BN_dup results in rsa_check

(cherry picked from commit a47235f4f5af0286aadd43eeccf946a8f35a5dc8)
---
 lib/dns/opensslrsa_link.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/lib/dns/opensslrsa_link.c b/lib/dns/opensslrsa_link.c
index d01d0b03cb..2c5b967aa1 100644
--- a/lib/dns/opensslrsa_link.c
+++ b/lib/dns/opensslrsa_link.c
@@ -991,6 +991,9 @@ rsa_check(RSA *rsa, RSA *pub) {
 			}
 		} else {
 			n = BN_dup(n2);
+			if (n == NULL) {
+				return (ISC_R_NOMEMORY);
+			}
 		}
 		if (e1 != NULL) {
 			if (BN_cmp(e1, e2) != 0) {
@@ -1001,6 +1004,12 @@ rsa_check(RSA *rsa, RSA *pub) {
 			}
 		} else {
 			e = BN_dup(e2);
+			if (e == NULL) {
+				if (n != NULL) {
+					BN_free(n);
+				}
+				return (ISC_R_NOMEMORY);
+			}
 		}
 		if (RSA_set0_key(rsa, n, e, NULL) == 0) {
 			if (n != NULL) {