From 69e2bd32efb756b59cea75af22d869679c448e91 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Wed, 27 Apr 2016 17:19:01 +0100
Subject: [PATCH] Don't leak memory on ASN1_item_pack() error path

The ASN1_item_pack() function was leaking an ASN1_STRING object on error
paths.

Reviewed-by: Richard Levitte <levitte@openssl.org>
---
 crypto/asn1/asn_pack.c | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)

diff --git a/crypto/asn1/asn_pack.c b/crypto/asn1/asn_pack.c
index 7c302028c8..1f5be53189 100644
--- a/crypto/asn1/asn_pack.c
+++ b/crypto/asn1/asn_pack.c
@@ -17,28 +17,35 @@ ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct)
 {
     ASN1_STRING *octmp;
 
-     if (oct == NULL|| *oct== NULL) {
+     if (oct == NULL || *oct == NULL) {
         if ((octmp = ASN1_STRING_new()) == NULL) {
             ASN1err(ASN1_F_ASN1_ITEM_PACK, ERR_R_MALLOC_FAILURE);
             return NULL;
         }
-        if (oct)
-            *oct = octmp;
-    } else
+    } else {
         octmp = *oct;
+    }
 
     OPENSSL_free(octmp->data);
     octmp->data = NULL;
 
     if ((octmp->length = ASN1_item_i2d(obj, &octmp->data, it)) == 0) {
         ASN1err(ASN1_F_ASN1_ITEM_PACK, ASN1_R_ENCODE_ERROR);
-        return NULL;
+        goto err;
     }
-    if (!octmp->data) {
+    if (octmp->data == NULL) {
         ASN1err(ASN1_F_ASN1_ITEM_PACK, ERR_R_MALLOC_FAILURE);
-        return NULL;
+        goto err;
     }
+
+    if (oct != NULL && *oct == NULL)
+        *oct = octmp;
+
     return octmp;
+ err:
+    if (oct == NULL || *oct == NULL)
+        ASN1_STRING_free(octmp);
+    return NULL;
 }
 
 /* Extract an ASN1 object from an ASN1_STRING */
-- 
2.25.1