diff options
author | Matt Caswell <matt@openssl.org> | 2018-05-01 09:29:17 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2018-05-08 08:43:39 +0100 |
commit | 3d551b20df1acd01f80d3ae00d37177e0fdf344a (patch) | |
tree | d480b063cc81fd3d432ef4c69a0f8ab49b049cf7 /crypto/cms | |
parent | 4ffc1842fa7da63b42da0e9553ebee33e2e173aa (diff) |
Fix a mem leak in CMS
The function CMS_RecipientInfo_set0_pkey() is a "set0" and therefore
memory management passes to OpenSSL. If the same function is called again
then we should ensure that any previous value that was set is freed first
before we set it again.
Fixes #5052
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6142)
Diffstat (limited to 'crypto/cms')
-rw-r--r-- | crypto/cms/cms_env.c | 1 | ||||
-rw-r--r-- | crypto/cms/cms_smime.c | 1 |
2 files changed, 2 insertions, 0 deletions
diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c index 6ca3be71ad..7c2d420b54 100644 --- a/crypto/cms/cms_env.c +++ b/crypto/cms/cms_env.c @@ -282,6 +282,7 @@ int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey) CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY, CMS_R_NOT_KEY_TRANSPORT); return 0; } + EVP_PKEY_free(ri->d.ktri->pkey); ri->d.ktri->pkey = pkey; return 1; } diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c index 7e7b6e5d4f..76883bfb9b 100644 --- a/crypto/cms/cms_smime.c +++ b/crypto/cms/cms_smime.c @@ -631,6 +631,7 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert) * all. */ else if (!cert || !CMS_RecipientInfo_ktri_cert_cmp(ri, cert)) { + EVP_PKEY_up_ref(pk); CMS_RecipientInfo_set0_pkey(ri, pk); r = CMS_RecipientInfo_decrypt(cms, ri); CMS_RecipientInfo_set0_pkey(ri, NULL); |