]> git.ipfire.org Git - thirdparty/openssl.git/commitdiff
projects / thirdparty / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f685ca3)
Fix memleak in rsa_cms_decrypt
authorslontis <shane.lontis@oracle.com>
Thu, 16 Feb 2023 23:51:59 +0000 (09:51 +1000)
committerTomas Mraz <tomas@openssl.org>
Fri, 29 Dec 2023 09:42:25 +0000 (10:42 +0100)
If a call to EVP_PKEY_CTX_set_rsa_mgf1_md() fails then the caller
needs to free the label.

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20319)

(cherry picked from commit d32dd65053431ee744d213b336b9a03a035807e6)

crypto/cms/cms_rsa.c patch | blob | blame | history

diff --git a/crypto/cms/cms_rsa.c b/crypto/cms/cms_rsa.c
index 68545e5fb7e170df437ac207813fcec68b6d86ce..12bc8184389701db40a561258c386fb1e61d4407 100644 (file)
--- a/crypto/cms/cms_rsa.c
+++ b/crypto/cms/cms_rsa.c
@@ -99,8 +99,10 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
     if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0)
         goto err;
     if (label != NULL
-            && EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, label, labellen) <= 0)
+            && EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, label, labellen) <= 0) {
+        OPENSSL_free(label);
         goto err;
+    }
     /* Carry on */
     rv = 1;
 
Mirror of https://github.com/openssl/openssl.git