Fix a possible memleak in PKCS7_add_attrib_smimecap

When PKCS7_add_signed_attribute fails, the ASN1_STRING object may be leaked. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22744) (cherry picked from commit ed3d2771278cfa1c355b40c681f5acc8404156c6)
author: Bernd Edlinger <bernd.edlinger@hotmail.de> 2023-11-15 20:32:59 +0100
committer: Richard Levitte <levitte@openssl.org> 2023-11-22 09:29:39 +0100
commit: 438c137a9d9c8767d9536965206df525477841c8 (patch)
tree: d93bf58047eec29a52b737a68b9c5a9c0ca5fbce /crypto
parent: 31595e5c5782aa7d2454c34e3ca9b47d4ab5e532 (diff)
1 files changed, 6 insertions, 2 deletions
diff --git a/crypto/pkcs7/pk7_attr.c b/crypto/pkcs7/pk7_attr.c
index e9904c5950..d02b6fd3d1 100644
--- a/crypto/pkcs7/pk7_attr.c
+++ b/crypto/pkcs7/pk7_attr.c
@@ -28,8 +28,12 @@ int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si,
     }
     seq->length = ASN1_item_i2d((ASN1_VALUE *)cap, &seq->data,
                                 ASN1_ITEM_rptr(X509_ALGORS));
-    return PKCS7_add_signed_attribute(si, NID_SMIMECapabilities,
-                                      V_ASN1_SEQUENCE, seq);
+    if (!PKCS7_add_signed_attribute(si, NID_SMIMECapabilities,
+                                    V_ASN1_SEQUENCE, seq)) {
+        ASN1_STRING_free(seq);
+        return 0;
+    }
+    return 1;
 }
 
 STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si)
author	Bernd Edlinger <bernd.edlinger@hotmail.de>	2023-11-15 20:32:59 +0100
committer	Richard Levitte <levitte@openssl.org>	2023-11-22 09:29:39 +0100
commit	438c137a9d9c8767d9536965206df525477841c8 (patch)
tree	d93bf58047eec29a52b737a68b9c5a9c0ca5fbce /crypto
parent	31595e5c5782aa7d2454c34e3ca9b47d4ab5e532 (diff)