Free memory on error in PKCS7_dataFinal()
authorMatt Caswell <matt@openssl.org>
Wed, 27 Apr 2016 13:09:35 +0000 (14:09 +0100)
committerMatt Caswell <matt@openssl.org>
Thu, 28 Apr 2016 12:13:09 +0000 (13:13 +0100)
The PKCS7_dataFinal() function allocates a memory buffer but then fails
to free it on an error condition.

Reviewed-by: Richard Levitte <levitte@openssl.org>
crypto/pkcs7/pk7_doit.c

index 9d66fc4..72bd54d 100644 (file)
@@ -808,6 +808,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
                     goto err;
 
                 if (!EVP_SignFinal(ctx_tmp, abuf, &abuflen, si->pkey)) {
+                    OPENSSL_free(abuf);
                     PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_EVP_LIB);
                     goto err;
                 }