Don't leak memory on ASN1_item_pack() error path
authorMatt Caswell <matt@openssl.org>
Wed, 27 Apr 2016 16:19:01 +0000 (17:19 +0100)
committerMatt Caswell <matt@openssl.org>
Wed, 1 Jun 2016 17:00:53 +0000 (18:00 +0100)
The ASN1_item_pack() function was leaking an ASN1_STRING object on error
paths.

Reviewed-by: Richard Levitte <levitte@openssl.org>
crypto/asn1/asn_pack.c

index 7c302028c87321abaabddf9c8fb9f8d088a0844d..1f5be531896f6056cedb8cd36a23f7c4f672d72e 100644 (file)
@@ -17,28 +17,35 @@ ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct)
 {
     ASN1_STRING *octmp;
 
-     if (oct == NULL|| *oct== NULL) {
+     if (oct == NULL || *oct == NULL) {
         if ((octmp = ASN1_STRING_new()) == NULL) {
             ASN1err(ASN1_F_ASN1_ITEM_PACK, ERR_R_MALLOC_FAILURE);
             return NULL;
         }
-        if (oct)
-            *oct = octmp;
-    } else
+    } else {
         octmp = *oct;
+    }
 
     OPENSSL_free(octmp->data);
     octmp->data = NULL;
 
     if ((octmp->length = ASN1_item_i2d(obj, &octmp->data, it)) == 0) {
         ASN1err(ASN1_F_ASN1_ITEM_PACK, ASN1_R_ENCODE_ERROR);
-        return NULL;
+        goto err;
     }
-    if (!octmp->data) {
+    if (octmp->data == NULL) {
         ASN1err(ASN1_F_ASN1_ITEM_PACK, ERR_R_MALLOC_FAILURE);
-        return NULL;
+        goto err;
     }
+
+    if (oct != NULL && *oct == NULL)
+        *oct = octmp;
+
     return octmp;
+ err:
+    if (oct == NULL || *oct == NULL)
+        ASN1_STRING_free(octmp);
+    return NULL;
 }
 
 /* Extract an ASN1 object from an ASN1_STRING */