From 0e9ca38e84f60386f11d37f48297afd865328940 Mon Sep 17 00:00:00 2001
From: JiashengJiang <jiasheng@purdue.edu>
Date: Wed, 21 May 2025 21:12:18 -0400
Subject: [PATCH] crypto/pkcs7/pk7_smime.c: Add BIO_free() to avoid memory leak

Add BIO_free() to free tmpout if OPENSSL_malloc() fails to avoid memory leak.

Fixes: 8e70485 ("RT3955: Reduce some stack usage")
Signed-off-by: JiashengJiang <jiasheng@purdue.edu>

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27631)

(cherry picked from commit 9882d389df71ef7163c7769b4431a0dbe713ab65)
---
 crypto/pkcs7/pk7_smime.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c
index 3f9ba3b7d6d..c3f0f839689 100644
--- a/crypto/pkcs7/pk7_smime.c
+++ b/crypto/pkcs7/pk7_smime.c
@@ -333,10 +333,8 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
     if (flags & PKCS7_TEXT) {
         if (!SMIME_text(tmpout, out)) {
             ERR_raise(ERR_LIB_PKCS7, PKCS7_R_SMIME_TEXT_ERROR);
-            BIO_free(tmpout);
             goto err;
         }
-        BIO_free(tmpout);
     }
 
     /* Now Verify All Signatures */
@@ -354,6 +352,8 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
     ret = 1;
 
  err:
+    if (flags & PKCS7_TEXT)
+        BIO_free(tmpout);
     X509_STORE_CTX_free(cert_ctx);
     OPENSSL_free(buf);
     if (indata != NULL)
-- 
2.47.2