]> git.ipfire.org Git - thirdparty/haproxy.git/commitdiff
projects / thirdparty / haproxy.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: bbc4178)
BUG/MINOR: jwt: fix possible memory leak in convert_ecdsa_sig() error path
authorWilly Tarreau <w@1wt.eu>
Wed, 29 Apr 2026 09:26:00 +0000 (11:26 +0200)
committerWilly Tarreau <w@1wt.eu>
Mon, 18 May 2026 16:50:30 +0000 (18:50 +0200)
The allocated ec_R and ec_S were not released in case one of the two
would fail to be allocated/created, and would cause a memory leak. Let's
add the missing BN_free(). This may be backported to 2.4.

src/jwt.c patch | blob | blame | history

diff --git a/src/jwt.c b/src/jwt.c
index 5359678afb553936d98e331928c1dc8b55b89099..8eb4f063ca9114b67a4a159c8c8feb23ab178527 100644 (file)
--- a/src/jwt.c
+++ b/src/jwt.c
@@ -324,6 +324,8 @@ static int convert_ecdsa_sig(const struct jwt_ctx *ctx, struct buffer *signature
        ec_S = BN_bin2bn((unsigned char *)(b_orig(signature) + bignum_len), bignum_len, NULL);
 
        if (!ec_R || !ec_S) {
+               BN_free(ec_R);
+               BN_free(ec_S);
                retval = JWT_VRFY_INVALID_TOKEN;
                goto end;
        }
Mirror of https://github.com/haproxy/haproxy.git