CMS_ContentInfo_free(): fix mem leak on encrypted content key

Fixes #21026

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21058)

diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c
index 2b06da468e2de952e5d00ce6e0ef66b5206aefaa..7c1ab5fa530e273795d388e2ebb25b8270006b7b 100644 (file)
--- a/crypto/cms/cms_env.c
+++ b/crypto/cms/cms_env.c
@@ -142,10 +142,12 @@ CMS_EncryptedContentInfo *ossl_cms_get0_env_enc_content(const CMS_ContentInfo *c
 {
     switch (cms_get_enveloped_type(cms)) {
     case CMS_ENVELOPED_STANDARD:
-        return cms->d.envelopedData->encryptedContentInfo;
+        return cms->d.envelopedData == NULL ? NULL
+            : cms->d.envelopedData->encryptedContentInfo;
 
     case CMS_ENVELOPED_AUTH:
-        return cms->d.authEnvelopedData->authEncryptedContentInfo;
+        return cms->d.authEnvelopedData == NULL ? NULL
+            : cms->d.authEnvelopedData->authEncryptedContentInfo;
 
     default:
         return NULL;

diff --git a/crypto/cms/cms_lib.c b/crypto/cms/cms_lib.c
index a339f471e8fc73de14ef52b309ea7330a093753c..7e2010bff7612f350ebbecf18b4ccfa54f7049b8 100644 (file)
--- a/crypto/cms/cms_lib.c
+++ b/crypto/cms/cms_lib.c
@@ -74,6 +74,10 @@ CMS_ContentInfo *CMS_ContentInfo_new(void)
 void CMS_ContentInfo_free(CMS_ContentInfo *cms)
 {
     if (cms != NULL) {
+        CMS_EncryptedContentInfo *ec = ossl_cms_get0_env_enc_content(cms);
+
+        if (ec != NULL)
+            OPENSSL_clear_free(ec->key, ec->keylen);
         OPENSSL_free(cms->ctx.propq);
         ASN1_item_free((ASN1_VALUE *)cms, ASN1_ITEM_rptr(CMS_ContentInfo));
     }