[openssl/openssl] 4e9a49: Fix memory leak in EVP_PKEY_get1_encoded_public_key.

slontis noreply at reply.github.openssl.org
Tue Jul 12 06:38:13 UTC 2022


  Branch: refs/heads/master
  Home:   https://github.openssl.org/openssl/openssl
  Commit: 4e9a4997c540e64647d4e1708a1dbda51fb59a68
      https://github.openssl.org/openssl/openssl/commit/4e9a4997c540e64647d4e1708a1dbda51fb59a68
  Author: slontis <shane.lontis at oracle.com>
  Date:   2022-07-12 (Tue, 12 Jul 2022)

  Changed paths:
    M crypto/evp/p_lib.c

  Log Message:
  -----------
  Fix memory leak in EVP_PKEY_get1_encoded_public_key.

Occurs if a failure happens after the malloc call in the second call to
EVP_PKEY_get_octet_string_param().

Detected by PR #18355

Some calling code assumes that nothing is allocated in the returned
pointer if there was a failure. Other calling code always trys freeing.
The third case is in ecdh_cms_encrypt() where it does not check the
return value. I am assuming this change is ok since the legacy path in
EVP_PKEY_get1_encoded_public_key() also does not return the pointer on
failure.

Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18739)




More information about the openssl-commits mailing list