From: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Wed, 16 Nov 2022 11:32:06 +0000 (+0100)
Subject: Fix a memory leak in rsa_priv_encode
X-Git-Tag: OpenSSL_1_1_1t~24
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=68cec7e9d31fdf05b82a627a82398d8cfb0b915c;p=thirdparty%2Fopenssl.git

Fix a memory leak in rsa_priv_encode

If PKCS8_pkey_set0 fails, the memory in rk need to be clear freed
otherwise it is owned by the PKCS8_PRIV_KEY_INFO.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19694)
---

diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
index fb045544a83..2c9c46ea53c 100644
--- a/crypto/rsa/rsa_ameth.c
+++ b/crypto/rsa/rsa_ameth.c
@@ -172,6 +172,7 @@ static int rsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
                          strtype, str, rk, rklen)) {
         RSAerr(RSA_F_RSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
         ASN1_STRING_free(str);
+        OPENSSL_clear_free(rk, rklen);
         return 0;
     }