From: slontis <shane.lontis@oracle.com>
Date: Thu, 16 Feb 2023 23:51:59 +0000 (+1000)
Subject: Fix memleak in rsa_cms_decrypt
X-Git-Tag: openssl-3.3.0-alpha1~371
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d32dd65053431ee744d213b336b9a03a035807e6;p=thirdparty%2Fopenssl.git

Fix memleak in rsa_cms_decrypt

If a call to EVP_PKEY_CTX_set_rsa_mgf1_md() fails then the caller
needs to free the label.

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20319)
---

diff --git a/crypto/cms/cms_rsa.c b/crypto/cms/cms_rsa.c
index e3e9a220fd8..31436d4d687 100644
--- a/crypto/cms/cms_rsa.c
+++ b/crypto/cms/cms_rsa.c
@@ -99,8 +99,10 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
     if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0)
         goto err;
     if (label != NULL
-            && EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, label, labellen) <= 0)
+            && EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, label, labellen) <= 0) {
+        OPENSSL_free(label);
         goto err;
+    }
     /* Carry on */
     rv = 1;