Merge pull request #6008 from rgacogne/ecdsa-error-leak
authorPieter Lexis <pieterlexis@users.noreply.github.com>
Tue, 28 Nov 2017 12:32:26 +0000 (13:32 +0100)
committerGitHub <noreply@github.com>
Tue, 28 Nov 2017 12:32:26 +0000 (13:32 +0100)
rec: Don't leak when loading a public ECDSA key fails

pdns/opensslsigners.cc

index 97bab5eb56a9fcb9c3e8b6e13d5cca6b6cbe4321..8e3bb547bd42528ff093f218e5fd144e531f039f 100644 (file)
@@ -474,7 +474,7 @@ void OpenSSLRSADNSCryptoKeyEngine::fromISCMap(DNSKEYRecordContent& drc, std::map
   if (iqmp == NULL) {
     RSA_free(key);
     BN_clear_free(dmq1);
-    BN_clear_free(iqmp);
+    BN_clear_free(dmp1);
     throw runtime_error(getName()+" allocation of BIGNUM iqmp failed");
   }
   RSA_set0_crt_params(key, dmp1, dmq1, iqmp);
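Review bot: The `iqmp == NULL` branch still releases `key`, `dmq1` and `dmp1` by hand, which is the pattern that let the wrong pointer be freed here before this fix; the same hand-written cleanup recurs in the `!n` branch of the RSA `fromPublicKeyString` and the `ret != 1` branch of the ECDSA `fromPublicKeyString`. Holding each BIGNUM in an owner such as `std::unique_ptr<BIGNUM, decltype(&BN_clear_free)>` and handing it over with `RSA_set0_crt_params(key, dmp1.release(), dmq1.release(), iqmp.release());` would make every throw path free exactly what is still owned, while keeping the clearing free for the private CRT values. The ECDSA branch is presumably reached on malformed key data rather than only on allocation failure, so it is the one most worth a regression test run under a leak checker. The function body starts before this hunk and continues after it.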
@@ -562,6 +562,7 @@ void OpenSSLRSADNSCryptoKeyEngine::fromPublicKeyString(const std::string& input)
   BIGNUM *n = BN_bin2bn((unsigned char*)modulus.c_str(), modulus.length(), NULL);
   if (!n) {
     RSA_free(key);
+    BN_clear_free(e);
     throw runtime_error(getName()+" error loading n value of public key");
   }
 
@@ -866,6 +867,7 @@ void OpenSSLECDSADNSCryptoKeyEngine::fromPublicKeyString(const std::string& inpu
 
   int ret = EC_POINT_oct2point(d_ecgroup, pub_key, (unsigned char*) ecdsaPoint.c_str(), ecdsaPoint.length(), d_ctx);
   if (ret != 1) {
+    EC_POINT_free(pub_key);
     throw runtime_error(getName()+" reading ECP point from binary failed");
   }