[openssl/openssl] f77057: free oaep label-octet-string on error

James Muir noreply at github.com
Mon Oct 30 08:00:14 UTC 2023


  Branch: refs/heads/openssl-3.2
  Home:   https://github.com/openssl/openssl
  Commit: f77057815be474528ad0e798e08bc9b36a7d4a4d
      https://github.com/openssl/openssl/commit/f77057815be474528ad0e798e08bc9b36a7d4a4d
  Author: James Muir <james at openssl.org>
  Date:   2023-10-30 (Mon, 30 Oct 2023)

  Changed paths:
    M crypto/cms/cms_rsa.c

  Log Message:
  -----------
  free oaep label-octet-string on error

When successful, ossl_X509_ALGOR_from_nid() returns a pointer to an
X509_ALGOR object.  Inside ossl_X509_ALGOR_from_nid(),
X509_ALGOR_set0() is called, and this passes ownership of the ASN1
object "los" (label octet string) to the X509_ALGOR object.  When
ossl_X509_ALGOR_from_nid() fails, ownership has not been passed on and
we need to free "los".

Change the scope of "los" and ensure it is freed on failure (on
success, set it to NULL so it is not freed inside the function).

Fixes #22336

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22495)

(cherry picked from commit 83efd7170bfa48a3263fcf8c771a6029646e8ad2)




More information about the openssl-commits mailing list