From: Jakub Zelenka <jakub.zelenka@openssl.foundation>
Date: Wed, 6 May 2026 16:22:47 +0000 (+0200)
Subject: Fix memleak in ossl_ffc_params_copy if alloc fails
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a887f93cc7f940a1dcecc5faea79f0528c1f4d5c;p=thirdparty%2Fopenssl.git

Fix memleak in ossl_ffc_params_copy if alloc fails

If allocation fails in ossl_ffc_params_copy, then the params that were
previously allocated are not freed. This results in a memory leak.

Fixes: dc8de3e6f1ee "Modify DSA and DH keys to use a shared FFC_PARAMS struct"

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.foundation>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
MergeDate: Mon May 11 07:21:45 2026
(Merged from https://github.com/openssl/openssl/pull/31098)
---

diff --git a/crypto/ffc/ffc_params.c b/crypto/ffc/ffc_params.c
index 438997931bb..6da6527a4b0 100644
--- a/crypto/ffc/ffc_params.c
+++ b/crypto/ffc/ffc_params.c
@@ -182,8 +182,10 @@ int ossl_ffc_params_copy(FFC_PARAMS *dst, const FFC_PARAMS *src)
     if (!ffc_bn_cpy(&dst->p, src->p)
         || !ffc_bn_cpy(&dst->g, src->g)
         || !ffc_bn_cpy(&dst->q, src->q)
-        || !ffc_bn_cpy(&dst->j, src->j))
+        || !ffc_bn_cpy(&dst->j, src->j)) {
+        ossl_ffc_params_cleanup(dst);
         return 0;
+    }
 
     dst->mdname = src->mdname;
     dst->mdprops = src->mdprops;
@@ -191,8 +193,10 @@ int ossl_ffc_params_copy(FFC_PARAMS *dst, const FFC_PARAMS *src)
     dst->seedlen = src->seedlen;
     if (src->seed != NULL) {
         dst->seed = OPENSSL_memdup(src->seed, src->seedlen);
-        if (dst->seed == NULL)
+        if (dst->seed == NULL) {
+            ossl_ffc_params_cleanup(dst);
             return 0;
+        }
     } else {
         dst->seed = NULL;
     }