Fix mem leak on error path

The mem pointed to by cAB can be leaked on an error path. Reviewed-by: Tim Hudson <tjh@openssl.org>
author: Matt Caswell <matt@openssl.org> 2016-08-22 23:23:31 +0100
committer: Matt Caswell <matt@openssl.org> 2016-08-23 00:19:15 +0100
commit: 4162c7d378722581aeea7d90d4aa46ac2c49abd8 (patch)
tree: b10333da53419ed8db6665d8da185a4cd9c9f9f8 /crypto/srp
parent: 85d6b09ddaf32a67a351521f84651c3193286663 (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/crypto/srp/srp_lib.c b/crypto/srp/srp_lib.c
index f146f820e7..ddd86b7517 100644
--- a/crypto/srp/srp_lib.c
+++ b/crypto/srp/srp_lib.c
@@ -168,7 +168,7 @@ BIGNUM *SRP_Calc_x(const BIGNUM *s, const char *user, const char *pass)
 {
     unsigned char dig[SHA_DIGEST_LENGTH];
     EVP_MD_CTX *ctxt;
-    unsigned char *cs;
+    unsigned char *cs = NULL;
     BIGNUM *res = NULL;
 
     if ((s == NULL) || (user == NULL) || (pass == NULL))
@@ -190,13 +190,15 @@ BIGNUM *SRP_Calc_x(const BIGNUM *s, const char *user, const char *pass)
     BN_bn2bin(s, cs);
     if (!EVP_DigestUpdate(ctxt, cs, BN_num_bytes(s)))
         goto err;
-    OPENSSL_free(cs);
+
     if (!EVP_DigestUpdate(ctxt, dig, sizeof(dig))
         || !EVP_DigestFinal_ex(ctxt, dig, NULL))
         goto err;
 
     res = BN_bin2bn(dig, sizeof(dig), NULL);
+
  err:
+    OPENSSL_free(cs);
     EVP_MD_CTX_free(ctxt);
     return res;
 }
author	Matt Caswell <matt@openssl.org>	2016-08-22 23:23:31 +0100
committer	Matt Caswell <matt@openssl.org>	2016-08-23 00:19:15 +0100
commit	4162c7d378722581aeea7d90d4aa46ac2c49abd8 (patch)
tree	b10333da53419ed8db6665d8da185a4cd9c9f9f8 /crypto/srp
parent	85d6b09ddaf32a67a351521f84651c3193286663 (diff)