From: Jiasheng Jiang Date: Sat, 16 Mar 2024 21:27:14 +0000 (+0000) Subject: APPS: Add missing OPENSSL_free() and combine the error handler X-Git-Tag: openssl-3.4.0-alpha1~729 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=beb82177ddcd4b536544ceec92bb53f4d85d8e91;p=thirdparty%2Fopenssl.git APPS: Add missing OPENSSL_free() and combine the error handler Add the OPENSSL_free() in the error handler to release the "*md_value" allocated by app_malloc(). To make the code clear and avoid possible future errors, combine the error handler in the "err" tag. Then, we only need to use "goto err" instead of releasing the memory separately. Since the EVP_MD_get_size() may return negative numbers when an error occurs, create_query() may fail to catch the error since it only considers 0 as an error code. Therefore, unifying the error codes of create_digest() from non-positive numbers to 0 is better, which also benefits future programming. Fixes: c7235be ("RFC 3161 compliant time stamp request creation, response generation and response verification.") Signed-off-by: Jiasheng Jiang Reviewed-by: Neil Horman Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/23873) --- diff --git a/apps/ts.c b/apps/ts.c index 65e941d263b..18df7d5ace3 100644 --- a/apps/ts.c +++ b/apps/ts.c @@ -538,15 +538,18 @@ static int create_digest(BIO *input, const char *digest, const EVP_MD *md, *md_value = OPENSSL_hexstr2buf(digest, &digest_len); if (*md_value == NULL || md_value_len != digest_len) { - OPENSSL_free(*md_value); - *md_value = NULL; BIO_printf(bio_err, "bad digest, %d bytes " "must be specified\n", md_value_len); - return 0; + goto err; } } rv = md_value_len; err: + if (rv <= 0) { + OPENSSL_free(*md_value); + *md_value = NULL; + rv = 0; + } EVP_MD_CTX_free(md_ctx); return rv; }