From: slontis Date: Thu, 16 Feb 2023 23:51:59 +0000 (+1000) Subject: Fix memleak in rsa_cms_decrypt X-Git-Tag: openssl-3.1.5~62 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d4da0b57304ccd82a131d197dfa164c2ac89a0f2;p=thirdparty%2Fopenssl.git Fix memleak in rsa_cms_decrypt If a call to EVP_PKEY_CTX_set_rsa_mgf1_md() fails then the caller needs to free the label. Reviewed-by: Tom Cosgrove Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/20319) (cherry picked from commit d32dd65053431ee744d213b336b9a03a035807e6) --- diff --git a/crypto/cms/cms_rsa.c b/crypto/cms/cms_rsa.c index 68545e5fb7e..12bc8184389 100644 --- a/crypto/cms/cms_rsa.c +++ b/crypto/cms/cms_rsa.c @@ -99,8 +99,10 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri) if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0) goto err; if (label != NULL - && EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, label, labellen) <= 0) + && EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, label, labellen) <= 0) { + OPENSSL_free(label); goto err; + } /* Carry on */ rv = 1;
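Review bot: The commit message says the label must be freed when EVP_PKEY_CTX_set_rsa_mgf1_md() fails, but the added `OPENSSL_free(label);` sits in the failure branch of EVP_PKEY_CTX_set0_rsa_oaep_label(), and the unchanged `if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0) goto err;` just above it still jumps to err without freeing anything. If label is already allocated at that point and the err path (not visible in this hunk) does not release it, that earlier exit leaks the same buffer. Either correct the message to name the set0 call, or cover both exits in one place: free label under err and set `label = NULL` after a successful set0 call, since set0 hands ownership to the context only on success.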