From: JiashengJiang <jiasheng@purdue.edu>
Date: Tue, 22 Apr 2025 13:03:44 +0000 (-0400)
Subject: apps/pkeyutl.c: Add OPENSSL_free() to avoid a memory leak
X-Git-Tag: openssl-3.0.17~35
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0fc85f7494b6951efe0c22fce45547500b3624af;p=thirdparty%2Fopenssl.git

apps/pkeyutl.c: Add OPENSSL_free() to avoid a memory leak

If EVP_PKEY_CTX_ctrl_str() fails, the code jumps to 'end' label without freeing passwd, causing a memory leak.

Fixes: 9d1bf5f7de ("Add option to read pkeyopts interactively")
Signed-off-by: JiashengJiang <jiasheng@purdue.edu>

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27470)

(cherry picked from commit 0dc6ea55a13dbe27af234b5328527d0a31ae68eb)
---

diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c
index 5e504713763..47d4ded6b17 100644
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@@ -371,6 +371,7 @@ int pkeyutl_main(int argc, char **argv)
             if (EVP_PKEY_CTX_ctrl_str(ctx, opt, passwd) <= 0) {
                 BIO_printf(bio_err, "%s: Can't set parameter \"%s\":\n",
                            prog, opt);
+                OPENSSL_free(passwd);
                 goto end;
             }
             OPENSSL_free(passwd);