From: Tomas Mraz <tomas@openssl.org>
Date: Tue, 21 Jan 2025 13:42:28 +0000 (+0100)
Subject: eddsa_signverify_init(): Avoid memory leak on error
X-Git-Tag: openssl-3.3.3~13
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=45c4ad8e8bd6f2f7fb66efad240f2e3bb60b5d9e;p=thirdparty%2Fopenssl.git

eddsa_signverify_init(): Avoid memory leak on error

Add missing WPACKET_cleanup() call.
Fixes Coverity 1638693

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/26500)

(cherry picked from commit abbc4073145cb6b2ea221f3e34809e9aefece9ab)
---

diff --git a/providers/implementations/signature/eddsa_sig.c b/providers/implementations/signature/eddsa_sig.c
index 8594af39e14..84ca459706b 100644
--- a/providers/implementations/signature/eddsa_sig.c
+++ b/providers/implementations/signature/eddsa_sig.c
@@ -216,6 +216,7 @@ static int eddsa_digest_signverify_init(void *vpeddsactx, const char *mdname,
         /* Should never happen */
         ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR);
         ossl_ecx_key_free(edkey);
+        WPACKET_cleanup(&pkt);
         return 0;
     }
     if (ret && WPACKET_finish(&pkt)) {