Free memory on an error path

The function a2i_ASN1_STRING can encounter an error after already
allocating a buffer. It wasn't always freeing that buffer on error.

Reviewed-by: Richard Levitte <levitte@openssl.org>

diff --git a/crypto/asn1/f_string.c b/crypto/asn1/f_string.c
index f9a77a2cde2ad525d3b56a6a1f21ca8904ee0e4b..0e03139344bf312e0056a17edf2cbd15cbaa79c1 100644 (file)
--- a/crypto/asn1/f_string.c
+++ b/crypto/asn1/f_string.c
@@ -104,6 +104,7 @@ int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size)
         i -= again;
         if (i % 2 != 0) {
             ASN1err(ASN1_F_A2I_ASN1_STRING, ASN1_R_ODD_NUMBER_OF_CHARS);
+            OPENSSL_free(s);
             return 0;
         }
         i /= 2;
@@ -123,6 +124,7 @@ int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size)
                 if (m < 0) {
                     ASN1err(ASN1_F_A2I_ASN1_STRING,
                             ASN1_R_NON_HEX_CHARACTERS);
+                    OPENSSL_free(s);
                     return 0;
                 }
                 s[num + j] <<= 4;
@@ -141,5 +143,6 @@ int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size)
 
  err:
     ASN1err(ASN1_F_A2I_ASN1_STRING, ASN1_R_SHORT_LINE);
+    OPENSSL_free(s);
     return 0;
 }