From: Matt Caswell <matt@openssl.org>
Date: Tue, 15 Aug 2023 14:05:38 +0000 (+0100)
Subject: Fix a leak in an error path when duplicating an OSSL_DECODER_CTX.
X-Git-Tag: openssl-3.2.0-alpha1~202
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e16c0103083af676af8c5564bb21585d4574f992;p=thirdparty%2Fopenssl.git

Fix a leak in an error path when duplicating an OSSL_DECODER_CTX.

Make sure we free process_data_dest if it is not actually used.

Found by the reproducible error patch in #21668

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21741)
---

diff --git a/crypto/encode_decode/decoder_pkey.c b/crypto/encode_decode/decoder_pkey.c
index 65dc1326e28..c38c7e3dffa 100644
--- a/crypto/encode_decode/decoder_pkey.c
+++ b/crypto/encode_decode/decoder_pkey.c
@@ -579,6 +579,7 @@ ossl_decoder_ctx_for_pkey_dup(OSSL_DECODER_CTX *src,
     if (process_data_dest != NULL) {
         OPENSSL_free(process_data_dest->propq);
         sk_EVP_KEYMGMT_pop_free(process_data_dest->keymgmts, EVP_KEYMGMT_free);
+        OPENSSL_free(process_data_dest);
     }
     OSSL_DECODER_CTX_free(dest);
     return NULL;