From f8cc8caab7176a65731520f3130dc059e5d5773e Mon Sep 17 00:00:00 2001 From: Andre Noll Date: Wed, 29 Aug 2018 12:14:38 +0200 Subject: [PATCH] openssl: Fix memory leak in read_rsa_bignums(). If an error occurs while reading the second bignum we leak the memory allocated for the first bignum. --- openssl.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/openssl.c b/openssl.c index 7d5bb25d..4895e176 100644 --- a/openssl.c +++ b/openssl.c @@ -124,11 +124,11 @@ static int read_rsa_bignums(const unsigned char *blob, int blen, RSA **result) return -E_BIGNUM; ret = read_bignum(p, end - p, &e); if (ret < 0) - goto fail; + goto free_rsa; p += ret; ret = read_bignum(p, end - p, &n); if (ret < 0) - goto fail; + goto free_e; #ifdef HAVE_RSA_SET0_KEY RSA_set0_key(rsa, n, e, NULL); #else @@ -137,7 +137,9 @@ static int read_rsa_bignums(const unsigned char *blob, int blen, RSA **result) #endif *result = rsa; return 1; -fail: +free_e: + BN_free(e); +free_rsa: RSA_free(rsa); return ret; } -- 2.39.5