Fix memleak in rsa_cms_decrypt
authorslontis <shane.lontis@oracle.com>
Thu, 16 Feb 2023 23:51:59 +0000 (09:51 +1000)
committerTomas Mraz <tomas@openssl.org>
Fri, 29 Dec 2023 09:39:34 +0000 (10:39 +0100)
If a call to EVP_PKEY_CTX_set_rsa_mgf1_md() fails then the caller
needs to free the label.

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20319)

crypto/cms/cms_rsa.c

index e3e9a220fd8edd7d1075f4cd463786e692fba86e..31436d4d6872374666ed4e1e3bae15c74ae52fab 100644 (file)
@@ -99,8 +99,10 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
     if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0)
         goto err;
     if (label != NULL
-            && EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, label, labellen) <= 0)
+            && EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, label, labellen) <= 0) {
+        OPENSSL_free(label);
         goto err;
+    }
     /* Carry on */
     rv = 1;
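Review bot: The `goto err` after `EVP_PKEY_CTX_set_rsa_mgf1_md()` at the top of this hunk runs with `label` already assigned (the very next test is `label != NULL`), yet only the `EVP_PKEY_CTX_set0_rsa_oaep_label()` failure branch frees it. The commit message names the mgf1 call as the failing one, so that exit, and any earlier `goto err` taken once the label is held, appears to still leak the buffer unless the `err:` cleanup releases it. If the function handles untrusted CMS input, a per-message leak on a failure path is a slow memory-exhaustion risk in a long-running service. A single-owner pattern would cover every exit: clear the local after a successful hand-off with `label = NULL;` and put `OPENSSL_free(label);` in the shared cleanup. rsa_cms_decrypt starts before and continues past this hunk, so the `err:` block and the point where `label` is taken need checking before applying this.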