From: Tomas Mraz Date: Tue, 4 Jan 2022 10:53:30 +0000 (+0100) Subject: EVP_PKEY_fromdata(): Do not return newly allocated pkey on failure X-Git-Tag: openssl-3.2.0-alpha1~3125 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5b03b89f7f925384c2768874c95f1af7053fd16f;p=thirdparty%2Fopenssl.git EVP_PKEY_fromdata(): Do not return newly allocated pkey on failure Fixes #17407 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/17411)
---
diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c
index af3d990869d..f9d001fdd05 100644
--- a/crypto/evp/pmeth_gn.c
+++ b/crypto/evp/pmeth_gn.c
@@ -365,6 +365,7 @@ int EVP_PKEY_fromdata(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey, int selection,
 OSSL_PARAM params[]) {
 void *keydata = NULL;
+ EVP_PKEY *allocated_pkey = NULL;
 if (ctx == NULL || (ctx->operation & EVP_PKEY_OP_FROMDATA) == 0) {
 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
@@ -375,7 +376,7 @@ int EVP_PKEY_fromdata(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey, int selection,
 return -1;
 if (*ppkey == NULL)
- *ppkey = EVP_PKEY_new();
+ allocated_pkey = *ppkey = EVP_PKEY_new();
 if (*ppkey == NULL) {
 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
@@ -383,8 +384,13 @@ int EVP_PKEY_fromdata(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey, int selection,
 }
 keydata = evp_keymgmt_util_fromdata(*ppkey, ctx->keymgmt, selection, params);
- if (keydata == NULL)
+ if (keydata == NULL) {
+ if (allocated_pkey != NULL) {
+ *ppkey = NULL;
+ EVP_PKEY_free(allocated_pkey);
+ }
 return 0;
+ }
 /* keydata is cached in *ppkey, so we need not bother with it further */
 return 1;
 }
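Review bot: The cleanup added in the last hunk (`@@ -383,8 +384,13 @@`) frees only the key allocated by this call, but nothing in the code states that ownership rule, and a caller-supplied `*ppkey` is still left in place when 0 is returned. I would put a comment above the inner check, e.g. `/* Free only a pkey allocated here; a caller-supplied *ppkey stays owned by the caller */`, and have the function's documentation say that `*ppkey` is NULL after a failure when it was NULL on entry. Whether `evp_keymgmt_util_fromdata()` can leave a caller-supplied key partially populated on failure is not visible here and is worth confirming, since callers may go on to reuse that object. No regression test is visible in this patch; one that passes `*ppkey == NULL` with params that fail import and asserts both the 0 return and a NULL `*ppkey` would pin the fix. The function begins before this hunk.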