[openssl/openssl] f6b635: Fix memory leak in EVP_PKEY_get1_encoded_public_key.
slontis
noreply at reply.github.openssl.org
Tue Jul 12 06:38:55 UTC 2022
Branch: refs/heads/openssl-3.0
Home: https://github.openssl.org/openssl/openssl
Commit: f6b6356fdbee336fa2169643ca3e9ad3db19caea
https://github.openssl.org/openssl/openssl/commit/f6b6356fdbee336fa2169643ca3e9ad3db19caea
Author: slontis <shane.lontis at oracle.com>
Date: 2022-07-12 (Tue, 12 Jul 2022)
Changed paths:
M crypto/evp/p_lib.c
Log Message:
-----------
Fix memory leak in EVP_PKEY_get1_encoded_public_key.
Occurs if a failure happens after the malloc call in the second call to
EVP_PKEY_get_octet_string_param().
Detected by PR #18355
Some calling code assumes that nothing is allocated in the returned
pointer if there was a failure. Other calling code always trys freeing.
The third case is in ecdh_cms_encrypt() where it does not check the
return value. I am assuming this change is ok since the legacy path in
EVP_PKEY_get1_encoded_public_key() also does not return the pointer on
failure.
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18739)
(cherry picked from commit 4e9a4997c540e64647d4e1708a1dbda51fb59a68)
More information about the openssl-commits
mailing list