From 38dfa2cee2d80aa357daea9c5cdc538232ff3c43 Mon Sep 17 00:00:00 2001
From: 77tiann <27392025k@gmail.com>
Date: Wed, 30 Jul 2025 17:47:06 -0700
Subject: [PATCH] Fix memory leak on EVP_CIPHER_param_to_asn1 failure

When EVP_CIPHER_param_to_asn1() fails, xalg->parameter was not freed,
leading to a memory leak. This patch adds proper cleanup for that case.
CLA: trivial

Signed-off-by: 77tiann <27392025k@gmail.com>

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28131)

(cherry picked from commit bda2473a44e4534c3c640ce89a0971874165c6df)
---
 crypto/pkcs7/pk7_doit.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index d15a3167235..b35e284ac67 100644
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -324,8 +324,11 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
                 if (xalg->parameter == NULL)
                     goto err;
             }
-            if (EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) <= 0)
+            if (EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) <= 0) {
+                ASN1_TYPE_free(xalg->parameter);
+                xalg->parameter = NULL;
                 goto err;
+            }
         }
 
         /* Lets do the pub key stuff :-) */
-- 
2.47.2