[openssl/openssl] 63541b: Fix mem leak in ECDSA_sign().

Shane noreply at github.com
Fri Mar 31 19:08:38 UTC 2023


  Branch: refs/heads/openssl-3.0
  Home:   https://github.com/openssl/openssl
  Commit: 63541ba3b0232047e452ab5d90a4c33a09271cdb
      https://github.com/openssl/openssl/commit/63541ba3b0232047e452ab5d90a4c33a09271cdb
  Author: slontis <shane.lontis at oracle.com>
  Date:   2023-03-31 (Fri, 31 Mar 2023)

  Changed paths:
    M crypto/ec/ecdsa_ossl.c
    M crypto/sm2/sm2_sign.c
    M test/ecdsatest.c

  Log Message:
  -----------
  Fix mem leak in ECDSA_sign().

Similiar to the issue found in PR #20553 for DSA_sign().
ECDSA_sign() leaked memory if the signature was NULL
when i2d_ECDSA_SIG was called.

Note that this does not affect the higher level EVP
functions as they correctly handle NULL.

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Todd Short <todd.short at me.com>
(Merged from https://github.com/openssl/openssl/pull/20554)

(cherry picked from commit 4befe81a99b89c52b749a87eece82c1cba4fab12)
(cherry picked from commit 680b4be65eba2658c1d807dd9838ca88301bb7dd)




More information about the openssl-commits mailing list