From: Andrew Dinh <andrewd@openssl.org>
Date: Fri, 16 Aug 2024 13:55:16 +0000 (+0700)
Subject: list_tls_signatures(): Avoid leak with zero length builtin_sigalgs
X-Git-Tag: openssl-3.4.0-alpha1~110
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=47645bf7c63aaf08b764bfeaaa611c6673bb03a8;p=thirdparty%2Fopenssl.git

list_tls_signatures(): Avoid leak with zero length builtin_sigalgs

Fixes Coverity 1616307

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25219)
---

diff --git a/apps/list.c b/apps/list.c
index 679a27c88b6..fbfb4ae0919 100644
--- a/apps/list.c
+++ b/apps/list.c
@@ -779,10 +779,12 @@ static void list_tls_signatures(void)
     int tls_sigalg_listed = 0;
     char *builtin_sigalgs = SSL_get1_builtin_sigalgs(app_get0_libctx());
 
-    if (builtin_sigalgs != NULL && builtin_sigalgs[0] != 0) {
-        BIO_printf(bio_out, "%s", builtin_sigalgs);
+    if (builtin_sigalgs != NULL) {
+        if (builtin_sigalgs[0] != 0) {
+            BIO_printf(bio_out, "%s", builtin_sigalgs);
+            tls_sigalg_listed = 1;
+        }
         OPENSSL_free(builtin_sigalgs);
-        tls_sigalg_listed = 1;
     }
 
     /* As built-in providers don't have this capability, never error */