From d54ac5c4bfcb75967960492de31a83fbc7c46673 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Wed, 27 Apr 2016 14:09:35 +0100
Subject: [PATCH] Free memory on error in PKCS7_dataFinal()

The PKCS7_dataFinal() function allocates a memory buffer but then fails
to free it on an error condition.

Reviewed-by: Richard Levitte <levitte@openssl.org>
---
 crypto/pkcs7/pk7_doit.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index 9d66fc4007..72bd54d627 100644
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -808,6 +808,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
                     goto err;
 
                 if (!EVP_SignFinal(ctx_tmp, abuf, &abuflen, si->pkey)) {
+                    OPENSSL_free(abuf);
                     PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_EVP_LIB);
                     goto err;
                 }
-- 
2.25.1