Fix a failure to NULL a pointer freed on error.

Reported by the LibreSSL project as a follow on to CVE-2015-0209 Reviewed-by: Richard Levitte <levitte@openssl.org>
author: Matt Caswell <matt@openssl.org> 2015-03-19 10:16:32 +0000
committer: Matt Caswell <matt@openssl.org> 2015-03-19 13:01:13 +0000
commit: 5e5d53d341fd9a9b9cc0a58eb3690832ca7a511f (patch)
tree: ef0d4188017e0a8db017b5b3eaac83193faced75 /crypto/ec
parent: 367eab2f9f1d1131356118507d21534558863365 (diff)
1 files changed, 5 insertions, 2 deletions
diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
index 6ff94a3563..b4b0e9f3b8 100644
--- a/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c
@@ -1226,16 +1226,19 @@ EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len)
             ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_MALLOC_FAILURE);
             return NULL;
         }
-        if (a)
-            *a = ret;
     } else
         ret = *a;
 
     if (!d2i_ECPKParameters(&ret->group, in, len)) {
         ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB);
+        if (a == NULL || *a != ret)
+             EC_KEY_free(ret);
         return NULL;
     }
 
+    if (a)
+        *a = ret;
+
     return ret;
 }
author	Matt Caswell <matt@openssl.org>	2015-03-19 10:16:32 +0000
committer	Matt Caswell <matt@openssl.org>	2015-03-19 13:01:13 +0000
commit	5e5d53d341fd9a9b9cc0a58eb3690832ca7a511f (patch)
tree	ef0d4188017e0a8db017b5b3eaac83193faced75 /crypto/ec
parent	367eab2f9f1d1131356118507d21534558863365 (diff)