From: Matt Caswell <matt@openssl.org>
Date: Wed, 27 Apr 2016 13:09:35 +0000 (+0100)
Subject: Free memory on error in PKCS7_dataFinal()
X-Git-Tag: OpenSSL_1_1_0-pre6~1026
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=d54ac5c4bfcb75967960492de31a83fbc7c46673;p=oweals%2Fopenssl.git

Free memory on error in PKCS7_dataFinal()

The PKCS7_dataFinal() function allocates a memory buffer but then fails
to free it on an error condition.

Reviewed-by: Richard Levitte <levitte@openssl.org>
---

diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index 9d66fc4007..72bd54d627 100644
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -808,6 +808,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
                     goto err;
 
                 if (!EVP_SignFinal(ctx_tmp, abuf, &abuflen, si->pkey)) {
+                    OPENSSL_free(abuf);
                     PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_EVP_LIB);
                     goto err;
                 }