diff options
| author | Matt Caswell <matt@openssl.org> | 2018-05-01 09:29:17 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2018-05-08 08:49:03 +0100 |
| commit | 2ddfe60be50bfeebd64e01b123fd7176e7226c87 (patch) | |
| tree | 2b992cbd4f5458aeeb9200a5a2ebd4b9f01974df | |
| parent | 414d19d0341407b211c64729df37889e2c572e12 (diff) | |
Fix a mem leak in CMS
The function CMS_RecipientInfo_set0_pkey() is a "set0" and therefore
memory management passes to OpenSSL. If the same function is called again
then we should ensure that any previous value that was set is freed first
before we set it again.
Fixes #5052
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6142)
(cherry picked from commit 3d551b20df1acd01f80d3ae00d37177e0fdf344a)
| -rw-r--r-- | crypto/cms/cms_env.c | 1 | ||||
| -rw-r--r-- | crypto/cms/cms_smime.c | 1 |
2 files changed, 2 insertions, 0 deletions
diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c index 8d45943530..3ecda301cd 100644 --- a/crypto/cms/cms_env.c +++ b/crypto/cms/cms_env.c @@ -282,6 +282,7 @@ int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey) CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY, CMS_R_NOT_KEY_TRANSPORT); return 0; } + EVP_PKEY_free(ri->d.ktri->pkey); ri->d.ktri->pkey = pkey; return 1; } diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c index 7e7b6e5d4f..76883bfb9b 100644 --- a/crypto/cms/cms_smime.c +++ b/crypto/cms/cms_smime.c @@ -631,6 +631,7 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert) * all. */ else if (!cert || !CMS_RecipientInfo_ktri_cert_cmp(ri, cert)) { + EVP_PKEY_up_ref(pk); CMS_RecipientInfo_set0_pkey(ri, pk); r = CMS_RecipientInfo_decrypt(cms, ri); CMS_RecipientInfo_set0_pkey(ri, NULL); |