Fix memleak in PKCS12_pbe_crypt_ex()

Makes sure that the variable 'out' is free on every error path. Fixes #18689 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18808) (cherry picked from commit af801ec89205aaf6ebf8522d510d0b1fc29e3233)
author: Roberto Hueso Gomez <roberto@robertohueso.org> 2022-07-15 11:21:30 +0200
committer: Tomas Mraz <tomas@openssl.org> 2022-07-18 10:19:44 +0200
commit: 3221eee7e0053cf6db54d0409f4f3b26df5fbbbd (patch)
tree: 8963e2ea81eb7aa432644569b7bfe566a2800994 /crypto/pkcs12
parent: c09ce497e557ecf8ee44f4cb849955698b424027 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/crypto/pkcs12/p12_decr.c b/crypto/pkcs12/p12_decr.c
index 87232e7737..c4c63a2701 100644
--- a/crypto/pkcs12/p12_decr.c
+++ b/crypto/pkcs12/p12_decr.c
@@ -94,6 +94,8 @@ unsigned char *PKCS12_pbe_crypt_ex(const X509_ALGOR *algor,
         if (EVP_CIPHER_CTX_is_encrypting(ctx)) {
             if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
                 (int)mac_len, out+outlen) < 0) {
+                OPENSSL_free(out);
+                out = NULL;
                 ERR_raise(ERR_LIB_PKCS12, ERR_R_INTERNAL_ERROR);
                 goto err;
             }
author	Roberto Hueso Gomez <roberto@robertohueso.org>	2022-07-15 11:21:30 +0200
committer	Tomas Mraz <tomas@openssl.org>	2022-07-18 10:19:44 +0200
commit	3221eee7e0053cf6db54d0409f4f3b26df5fbbbd (patch)
tree	8963e2ea81eb7aa432644569b7bfe566a2800994 /crypto/pkcs12
parent	c09ce497e557ecf8ee44f4cb849955698b424027 (diff)