Don't free ret->data if malloc fails.
authorDr. Stephen Henson <steve@openssl.org>
Wed, 27 Apr 2016 19:27:41 +0000 (20:27 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Fri, 29 Apr 2016 20:43:12 +0000 (21:43 +0100)
Issue reported by Guido Vranken.

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 64eaf6c928f4066d62aa86f805796ef05bd0b1cc)

crypto/asn1/a_bytes.c

index 12715a7..385b539 100644 (file)
@@ -200,13 +200,13 @@ ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,
     } else {
         if (len != 0) {
             if ((ret->length < len) || (ret->data == NULL)) {
-                if (ret->data != NULL)
-                    OPENSSL_free(ret->data);
                 s = (unsigned char *)OPENSSL_malloc((int)len + 1);
                 if (s == NULL) {
                     i = ERR_R_MALLOC_FAILURE;
                     goto err;
                 }
+                if (ret->data != NULL)
+                    OPENSSL_free(ret->data);
             } else
                 s = ret->data;
             memcpy(s, p, (int)len);