From e9d1c7ba005dda68148651119234b0ab076302d1 Mon Sep 17 00:00:00 2001
From: Markus Teich <markus.teich@stusta.mhn.de>
Date: Tue, 22 Nov 2016 00:29:27 +0100
Subject: [PATCH] BRANDT_new() returns NULL on parameter failure

---
 brandt.c | 12 +++++++++---
 brandt.h |  3 ++-
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/brandt.c b/brandt.c
index ff106fb..a05731d 100644
--- a/brandt.c
+++ b/brandt.c
@@ -181,17 +181,22 @@ BRANDT_new (BRANDT_CbResult             result,
             uint16_t                    m,
             int                         outcome_public)
 {
-	struct BRANDT_Auction       *ret = GNUNET_new (struct BRANDT_Auction);
-	struct BRANDT_DescrP        *desc = GNUNET_new (struct BRANDT_DescrP);
-	struct GNUNET_HashContext   *hc = GNUNET_CRYPTO_hash_context_start ();
+	struct BRANDT_Auction       *ret;
+	struct BRANDT_DescrP        *desc;
+	struct GNUNET_HashContext   *hc;
 	struct GNUNET_TIME_Relative until_start;
 
+	if (0 == num_prices)
+		return NULL;
+
+	desc = GNUNET_new (struct BRANDT_DescrP);
 	desc->time_start = GNUNET_TIME_absolute_hton (time_start);
 	desc->time_round = GNUNET_TIME_relative_hton (time_round);
 	desc->description_len = htonl (description_len);
 	desc->k = htons (num_prices);
 	desc->m = htons (m);
 	desc->outcome_public = htons (outcome_public);
+	hc = GNUNET_CRYPTO_hash_context_start ();
 	GNUNET_CRYPTO_hash_context_read (hc,
 	                                 &desc->time_start,
 	                                 sizeof (*desc) - sizeof (desc->hash));
@@ -200,6 +205,7 @@ BRANDT_new (BRANDT_CbResult             result,
 	                                 description_len);
 	GNUNET_CRYPTO_hash_context_finish (hc, &desc->hash);
 
+	ret = GNUNET_new (struct BRANDT_Auction);
 	ret->time_start = time_start;
 	ret->time_round = time_round;
 	ret->k = num_prices;
diff --git a/brandt.h b/brandt.h
index 101debf..6d68f0a 100644
--- a/brandt.h
+++ b/brandt.h
@@ -211,7 +211,8 @@ BRANDT_join (BRANDT_CbResult    result,
  * @param[in] outcome_public If 1, the auction winner and price will be public
  * to all participants, if 0, this information will only be revealed to the
  * winner and the seller.
- * @return A pointer, which should only be remembered and passed to
+ * @return If invalid parameters are passed, NULL is returned. Else the return
+ * value is a pointer, which should only be remembered and passed to
  * libbrandt functions when the client needs to refer to this auction. This is a
  * black-box pointer, do NOT dereference/change it or the data it points to!
  */