cmp_vfy.c, encoder_lib.c: Fix potential leak of a BIO
authorTomas Mraz <tomas@openssl.org>
Mon, 11 Oct 2021 13:04:46 +0000 (15:04 +0200)
committerTomas Mraz <tomas@openssl.org>
Tue, 12 Oct 2021 14:45:21 +0000 (16:45 +0200)
Fixes #16787

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/16804)

crypto/cmp/cmp_vfy.c
crypto/encode_decode/encoder_lib.c

index aa4665a56292478d0eaefcadbc2dc94c34f37629..b9d6fc2bdd17eeffa6a54da6710d619d2ca42270 100644 (file)
@@ -27,12 +27,14 @@ static int verify_signature(const OSSL_CMP_CTX *cmp_ctx,
 {
     OSSL_CMP_PROTECTEDPART prot_part;
     EVP_PKEY *pubkey = NULL;
-    BIO *bio = BIO_new(BIO_s_mem()); /* may be NULL */
+    BIO *bio;
     int res = 0;
 
     if (!ossl_assert(cmp_ctx != NULL && msg != NULL && cert != NULL))
         return 0;
 
+    bio = BIO_new(BIO_s_mem()); /* may be NULL */
+
     /* verify that keyUsage, if present, contains digitalSignature */
     if (!cmp_ctx->ignore_keyusage
             && (X509_get_key_usage(cert) & X509v3_KU_DIGITAL_SIGNATURE) == 0) {
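Review bot: `BIO *bio;` in `verify_signature` is now declared without an initializer, unlike the neighbouring `pubkey = NULL` and `res = 0`, so the pointer is indeterminate from the declaration until the assignment after the `ossl_assert` check. Nothing visible reads it in that window, because the only exit there is a direct `return 0`. The function's tail is outside the hunk, but if that early exit is ever changed to jump to a cleanup path that frees the BIO, it would free an indeterminate pointer. Declaring `BIO *bio = NULL;` keeps the leak fix and removes that hazard. The same applies to `BIO *out;` in `OSSL_ENCODER_to_data`, where `buf` beside it is already initialized to NULL.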
index 6c20fbb3d167032b2d3e11f23105e8b29c3b246e..cfd9275172f59176eebc6a0fdafc54d750ade2eb 100644 (file)
@@ -92,7 +92,7 @@ int OSSL_ENCODER_to_fp(OSSL_ENCODER_CTX *ctx, FILE *fp)
 int OSSL_ENCODER_to_data(OSSL_ENCODER_CTX *ctx, unsigned char **pdata,
                          size_t *pdata_len)
 {
-    BIO *out = BIO_new(BIO_s_mem());
+    BIO *out;
     BUF_MEM *buf = NULL;
     int ret = 0;
 
@@ -101,7 +101,10 @@ int OSSL_ENCODER_to_data(OSSL_ENCODER_CTX *ctx, unsigned char **pdata,
         return 0;
     }
 
-    if (OSSL_ENCODER_to_bio(ctx, out)
+    out = BIO_new(BIO_s_mem());
+
+    if (out != NULL
+        && OSSL_ENCODER_to_bio(ctx, out)
         && BIO_get_mem_ptr(out, &buf) > 0) {
         ret = 1; /* Hope for the best. A too small buffer will clear this */