Occurs if a malloc failure happens inside collect_numbers()
Reported via #18365
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18646)
(cherry picked from commit 28adea95975c3ea53fc590efda35dee13efd4767)
if (p != NULL) {
BIGNUM *tmp = NULL;
- if (!OSSL_PARAM_get_BN(p, &tmp)
- || sk_BIGNUM_push(numbers, tmp) == 0)
+ if (!OSSL_PARAM_get_BN(p, &tmp))
return 0;
+ if (sk_BIGNUM_push(numbers, tmp) == 0) {
+ BN_clear_free(tmp);
+ return 0;
+ }
}
}
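Review bot: The new sk_BIGNUM_push() failure branch releases only tmp, so any BIGNUMs already pushed onto numbers by earlier calls or iterations are still on the stack when this returns 0. Please confirm that every caller frees numbers with a clearing free on the failure return, or say so in a comment above the branch. Splitting the two checks is correct, since ownership of tmp passes to numbers only after a successful push; a one-line comment stating that would stop a later cleanup from merging the conditions back together. Using BN_clear_free() rather than BN_free() is the safer choice if these parameters can carry private values. A regression test that forces the allocation failure inside collect_numbers() would keep the leak from returning.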