From: Mia Kanashi <chad@redpilled.dev>
Date: Thu, 5 Mar 2026 16:08:32 +0000 (+0200)
Subject: BUG/MINOR: jws: fix memory leak in jws_b64_signature
X-Git-Tag: v3.4-dev7~82
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b6e28bb4d78edc45464628203378dc4dc47fb849;p=thirdparty%2Fhaproxy.git

BUG/MINOR: jws: fix memory leak in jws_b64_signature

EVP_MD_CTX is allocated using EVP_MD_CTX_new() but was never freed.
ctx should be initialized to NULL otherwise EVP_MD_CTX_free(ctx) could
segfault.

Must be backported as far as 3.2.
---

diff --git a/src/jws.c b/src/jws.c
index d83ce9b96..7a4d83e6f 100644
--- a/src/jws.c
+++ b/src/jws.c
@@ -356,7 +356,7 @@ out:
  */
 size_t jws_b64_signature(EVP_PKEY *pkey, enum jwt_alg alg, char *b64protected, char *b64payload, char *dst, size_t dsize)
 {
-	EVP_MD_CTX *ctx;
+	EVP_MD_CTX *ctx = NULL;
 	const EVP_MD *evp_md = NULL;
 	int ret = 0;
 	struct buffer *sign = NULL;
@@ -450,6 +450,7 @@ size_t jws_b64_signature(EVP_PKEY *pkey, enum jwt_alg alg, char *b64protected, c
 	ret = a2base64url(sign->area, sign->data, dst, dsize);
 
 out:
+	EVP_MD_CTX_free(ctx);
 	free_trash_chunk(sign);
 
 	if (ret > 0)