From: Bernd Edlinger
Date: Tue, 14 Nov 2023 01:42:42 +0000 (+0100)
Subject: Fix possible memleak in PKCS7_add0_attrib_signing_time
X-Git-Tag: openssl-3.3.0-alpha1~599
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7d52539f00144cb410c4e9d8da0b9574c0badb19;p=thirdparty%2Fopenssl.git

Fix possible memleak in PKCS7_add0_attrib_signing_time

When PKCS7_add_signed_attribute fails, the ASN1_TIME object may be leaked when it was not passed in as input parameter.

Reviewed-by: Neil Horman
Reviewed-by: Shane Lontis
Reviewed-by: Tomas Mraz
Reviewed-by: Richard Levitte
(Merged from https://github.com/openssl/openssl/pull/22772)
---
diff --git a/crypto/pkcs7/pk7_attr.c b/crypto/pkcs7/pk7_attr.c
index 72690c5e1b0..a12d65bb8e3 100644
--- a/crypto/pkcs7/pk7_attr.c
+++ b/crypto/pkcs7/pk7_attr.c
@@ -102,12 +102,18 @@ int PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid)
 
 int PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t)
 {
- if (t == NULL && (t = X509_gmtime_adj(NULL, 0)) == NULL) {
+ ASN1_TIME *tmp = NULL;
+
+ if (t == NULL && (tmp = t = X509_gmtime_adj(NULL, 0)) == NULL) {
 ERR_raise(ERR_LIB_PKCS7, ERR_R_X509_LIB);
 return 0;
 }
- return PKCS7_add_signed_attribute(si, NID_pkcs9_signingTime,
- V_ASN1_UTCTIME, t);
+ if (!PKCS7_add_signed_attribute(si, NID_pkcs9_signingTime,
+ V_ASN1_UTCTIME, t)) {
+ ASN1_TIME_free(tmp);
+ return 0;
+ }
+ return 1;
 }
 
 int PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si,
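Review bot: The ownership rule this fix depends on is not written down anywhere in `PKCS7_add0_attrib_signing_time`: on failure only the internally allocated time (`tmp`) is freed, while a caller-supplied `t` is left untouched and, presumably, is taken over only when the call succeeds. A caller that assumes an add0 function always consumes its argument would leak `t` on the error path, and one that frees it after a successful call would risk a double free, so I would add a comment above the function such as `/* A caller-supplied t is consumed only on success; on failure it is not freed and stays with the caller. */`. The chained assignment `tmp = t = X509_gmtime_adj(NULL, 0)` inside the condition is also easy to misread; a one-line comment that `tmp` is non-NULL only when the time was allocated here would make the later `ASN1_TIME_free(tmp)` obviously safe. Separately, the attribute is always tagged `V_ASN1_UTCTIME` although an `ASN1_TIME` can also hold a GeneralizedTime, so it is worth confirming whether a caller-supplied `t` needs a type check before it is added.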