From d9a7a8e200e80c875fd54c746e7a67b3f23ee03c Mon Sep 17 00:00:00 2001
From: widneve <wito.deneve@ugent.be>
Date: Tue, 20 May 2025 16:23:09 +0200
Subject: [PATCH] Fix memory leaks after failure of
 PKCS7_add_signed_attribute()

If PKCS7_add_signed_attribute fails,
seq never escapes out of the callee and will
therefore result in a memory leak.
This is similar to ed3d277127.

CLA: trivial

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27670)

(cherry picked from commit 6543f34dda8908db56372581eef6eafa0ae4add4)
---
 crypto/ts/ts_rsp_sign.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c
index 8937bb2d667..7b323531c3f 100644
--- a/crypto/ts/ts_rsp_sign.c
+++ b/crypto/ts/ts_rsp_sign.c
@@ -645,8 +645,12 @@ static int ossl_ess_add1_signing_cert(PKCS7_SIGNER_INFO *si,
     }
 
     OPENSSL_free(pp);
-    return PKCS7_add_signed_attribute(si, NID_id_smime_aa_signingCertificate,
-                                      V_ASN1_SEQUENCE, seq);
+    if (!PKCS7_add_signed_attribute(si, NID_id_smime_aa_signingCertificate,
+                                    V_ASN1_SEQUENCE, seq)) {
+        ASN1_STRING_free(seq);
+        return 0;
+    }
+    return 1;
 }
 
 static int ossl_ess_add1_signing_cert_v2(PKCS7_SIGNER_INFO *si,
@@ -668,8 +672,12 @@ static int ossl_ess_add1_signing_cert_v2(PKCS7_SIGNER_INFO *si,
     }
 
     OPENSSL_free(pp);
-    return PKCS7_add_signed_attribute(si, NID_id_smime_aa_signingCertificateV2,
-                                      V_ASN1_SEQUENCE, seq);
+    if (!PKCS7_add_signed_attribute(si, NID_id_smime_aa_signingCertificateV2,
+                                    V_ASN1_SEQUENCE, seq)) {
+        ASN1_STRING_free(seq);
+        return 0;
+    }
+    return 1;
 }
 
 static int ts_RESP_sign(TS_RESP_CTX *ctx)
-- 
2.47.2