Free tempory data on error in ec_wNAF_mul()
authorMatt Caswell <matt@openssl.org>
Wed, 27 Apr 2016 13:38:44 +0000 (14:38 +0100)
committerMatt Caswell <matt@openssl.org>
Wed, 1 Jun 2016 17:00:53 +0000 (18:00 +0100)
The ec_wNAF_mul() function allocates some temporary storage that it
doesn't always free on an error condition.

Reviewed-by: Richard Levitte <levitte@openssl.org>
crypto/ec/ec_mult.c

index 4215dc783adbbeee9c08e40a2ad571961a5c84c4..036cdde490ba9a5f058b58a5796fb44767fce76f 100644 (file)
@@ -312,6 +312,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
                     numblocks = (tmp_len + blocksize - 1) / blocksize;
                     if (numblocks > pre_comp->numblocks) {
                         ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
+                        OPENSSL_free(tmp_wNAF);
                         goto err;
                     }
                     totalnum = num + numblocks;
@@ -326,6 +327,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
                         wNAF_len[i] = blocksize;
                         if (tmp_len < blocksize) {
                             ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
+                            OPENSSL_free(tmp_wNAF);
                             goto err;
                         }
                         tmp_len -= blocksize;