cryptodev_digest_update: don't leak original state->mac_data if realloc fails

Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
index 568e13161547f8af5e879891b08ff5b18c754860..c823eebe7c0efb80b95cc4b1da49c972f7a99263 100644 (file)
--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
@@ -765,6 +765,7 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
        struct crypt_op cryp;
        struct dev_crypto_state *state = ctx->md_data;
        struct session_op *sess = &state->d_sess;
+       char *new_mac_data;
 
        if (!data || state->d_fd < 0) {
                printf("cryptodev_digest_update: illegal inputs \n");
@@ -777,12 +778,13 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
 
        if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
                /* if application doesn't support one buffer */
-               state->mac_data = OPENSSL_realloc(state->mac_data, state->mac_len + count);
+               new_mac_data = OPENSSL_realloc(state->mac_data, state->mac_len + count);
 
-               if (!state->mac_data) {
+               if (!new_mac_data) {
                        printf("cryptodev_digest_update: realloc failed\n");
                        return (0);
                }
+               state->mac_data = new_mac_data;
 
                memcpy(state->mac_data + state->mac_len, data, count);
                state->mac_len += count;