Fix memory leak in ossl_rsa_fromdata.

Occurs if a malloc failure happens inside collect_numbers() Reported via #18365 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18646) (cherry picked from commit 28adea95975c3ea53fc590efda35dee13efd4767)
author: slontis <shane.lontis@oracle.com> 2022-06-24 14:01:07 +1000
committer: Tomas Mraz <tomas@openssl.org> 2022-06-28 17:08:42 +0200
commit: a99b372157561560da526e212a5c6a74e1cd2d82 (patch)
tree: 6f1f19ab3edd362de24abab1f0541cd4eac89e38
parent: 23b7dd6a1646f6050a7c9e43508999773e8a8805 (diff)
1 files changed, 5 insertions, 2 deletions
diff --git a/crypto/rsa/rsa_backend.c b/crypto/rsa/rsa_backend.c
index 254ebdb242..58187fa2ef 100644
--- a/crypto/rsa/rsa_backend.c
+++ b/crypto/rsa/rsa_backend.c
@@ -49,9 +49,12 @@ static int collect_numbers(STACK_OF(BIGNUM) *numbers,
         if (p != NULL) {
             BIGNUM *tmp = NULL;
 
-            if (!OSSL_PARAM_get_BN(p, &tmp)
-                || sk_BIGNUM_push(numbers, tmp) == 0)
+            if (!OSSL_PARAM_get_BN(p, &tmp))
                 return 0;
+            if (sk_BIGNUM_push(numbers, tmp) == 0) {
+                BN_clear_free(tmp);
+                return 0;
+            }
         }
     }
author	slontis <shane.lontis@oracle.com>	2022-06-24 14:01:07 +1000
committer	Tomas Mraz <tomas@openssl.org>	2022-06-28 17:08:42 +0200
commit	a99b372157561560da526e212a5c6a74e1cd2d82 (patch)
tree	6f1f19ab3edd362de24abab1f0541cd4eac89e38
parent	23b7dd6a1646f6050a7c9e43508999773e8a8805 (diff)