diff options
author | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2023-11-15 19:14:54 +0100 |
---|---|---|
committer | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2023-12-04 12:54:08 +0100 |
commit | 3af29bf9f99d3e0e90cc72180898802375b88d3b (patch) | |
tree | fd88f949da4e40dcbff282013adfb321f27cf2ed /crypto | |
parent | 035cadca90466a60a478684f5518ab25fc64a608 (diff) |
Fix a possible memory leak in CMS_add_simple_smimecap
The return code of X509_ALGOR_set0 was not checked,
and if it fails the key will be leaked.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/22741)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/cms/cms_sd.c | 31 |
1 files changed, 16 insertions, 15 deletions
diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c index cfac556957..9788322f8d 100644 --- a/crypto/cms/cms_sd.c +++ b/crypto/cms/cms_sd.c @@ -1068,31 +1068,32 @@ int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs) int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, int algnid, int keysize) { - X509_ALGOR *alg; + X509_ALGOR *alg = NULL; ASN1_INTEGER *key = NULL; if (keysize > 0) { key = ASN1_INTEGER_new(); - if (key == NULL || !ASN1_INTEGER_set(key, keysize)) { - ASN1_INTEGER_free(key); - return 0; - } + if (key == NULL || !ASN1_INTEGER_set(key, keysize)) + goto err; } alg = X509_ALGOR_new(); - if (alg == NULL) { - ASN1_INTEGER_free(key); - return 0; - } + if (alg == NULL) + goto err; - X509_ALGOR_set0(alg, OBJ_nid2obj(algnid), - key ? V_ASN1_INTEGER : V_ASN1_UNDEF, key); + if (!X509_ALGOR_set0(alg, OBJ_nid2obj(algnid), + key ? V_ASN1_INTEGER : V_ASN1_UNDEF, key)) + goto err; + key = NULL; if (*algs == NULL) *algs = sk_X509_ALGOR_new_null(); - if (*algs == NULL || !sk_X509_ALGOR_push(*algs, alg)) { - X509_ALGOR_free(alg); - return 0; - } + if (*algs == NULL || !sk_X509_ALGOR_push(*algs, alg)) + goto err; return 1; + + err: + ASN1_INTEGER_free(key); + X509_ALGOR_free(alg); + return 0; } /* Check to see if a cipher exists and if so add S/MIME capabilities */ |