Memory leak fix: RSA_blinding_on() didn't free Ai under certain circumstances.

[openssl.git] / crypto / rsa / rsa_lib.c

diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c
index 53c5092014befdd6f45b17051248b98618b14658..e4d622851eed84b1e9d4ec76e36e6db76f12a1cb 100644 (file)
--- a/crypto/rsa/rsa_lib.c
+++ b/crypto/rsa/rsa_lib.c
@@ -316,7 +316,7 @@ void RSA_blinding_off(RSA *rsa)
 
 int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx)
        {
-       BIGNUM *A,*Ai;
+       BIGNUM *A,*Ai = NULL;
        BN_CTX *ctx;
        int ret=0;
 
@@ -327,8 +327,12 @@ int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx)
        else
                ctx=p_ctx;
 
+       /* XXXXX: Shouldn't this be RSA_blinding_off(rsa)? */
        if (rsa->blinding != NULL)
+               {
                BN_BLINDING_free(rsa->blinding);
+               rsa->blinding = NULL;
+               }
 
        /* NB: similar code appears in setup_blinding (rsa_eay.c);
         * this should be placed in a new function of its own, but for reasons
@@ -356,9 +360,9 @@ int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx)
        rsa->blinding->thread_id = CRYPTO_thread_id();
        rsa->flags |= RSA_FLAG_BLINDING;
        rsa->flags &= ~RSA_FLAG_NO_BLINDING;
-       BN_free(Ai);
        ret=1;
 err:
+       if (Ai != NULL) BN_free(Ai);
        BN_CTX_end(ctx);
        if (ctx != p_ctx) BN_CTX_free(ctx);
        return(ret);