From: Willy Tarreau Date: Wed, 29 Apr 2026 09:26:00 +0000 (+0200) Subject: BUG/MINOR: jwt: fix possible memory leak in convert_ecdsa_sig() error path X-Git-Tag: v3.4-dev13~50 X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=d4a4be6c34a8b13f564f99a0aad8d4ef2cb6b055;p=thirdparty%2Fhaproxy.git BUG/MINOR: jwt: fix possible memory leak in convert_ecdsa_sig() error path The allocated ec_R and ec_S were not released in case one of the two would fail to be allocated/created, and would cause a memory leak. Let's add the missing BN_free(). This may be backported to 2.4. --- diff --git a/src/jwt.c b/src/jwt.c index 5359678af..8eb4f063c 100644 --- a/src/jwt.c +++ b/src/jwt.c @@ -324,6 +324,8 @@ static int convert_ecdsa_sig(const struct jwt_ctx *ctx, struct buffer *signature ec_S = BN_bin2bn((unsigned char *)(b_orig(signature) + bignum_len), bignum_len, NULL); if (!ec_R || !ec_S) { + BN_free(ec_R); + BN_free(ec_S); retval = JWT_VRFY_INVALID_TOKEN; goto end; }
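Review bot: in the `if (!ec_R || !ec_S)` branch, the two added `BN_free()` calls leave `ec_R` and `ec_S` pointing at freed memory before `goto end`, and the code under the `end` label is not visible in this hunk. If that label releases these BIGNUMs, now or after a later refactor, the error path becomes a double free. Consider setting both pointers to NULL right after freeing them, or moving the two `BN_free()` calls under `end` so there is a single cleanup path. Calling `BN_free()` on both without checking which one failed is fine, since it accepts NULL. Separately, the commit message describes this branch as an allocation/creation failure, yet it reports `JWT_VRFY_INVALID_TOKEN`; a one-line comment stating that this status is intentional would help whoever backports the fix.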