diff options
author | Matt Caswell <matt@openssl.org> | 2016-04-27 13:18:38 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2016-04-28 13:13:09 +0100 |
commit | 29f4c357f045562d7eb7837ae890efc1bf4809a2 (patch) | |
tree | b01c9358ede1fb64b58d6b8ec29c0c06d22fc69b /crypto/cms | |
parent | d71eb667c403d9781ef919794e29a79eb930ab88 (diff) | |
download | openssl-29f4c357f045562d7eb7837ae890efc1bf4809a2.tar.gz |
Don't leak memory on error in cms_RecipientInfo_pwri_crypt
The cms_RecipientInfo_pwri_crypt() allocated an EVP_CIPHER_CTX but then
failed to free it in some error paths. By allocating it a bit later that
can be avoided.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'crypto/cms')
-rw-r--r-- | crypto/cms/cms_pwri.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c index 5ab20e2bfa..3e1328ccea 100644 --- a/crypto/cms/cms_pwri.c +++ b/crypto/cms/cms_pwri.c @@ -323,7 +323,7 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, CMS_PasswordRecipientInfo *pwri; int r = 0; X509_ALGOR *algtmp, *kekalg = NULL; - EVP_CIPHER_CTX *kekctx; + EVP_CIPHER_CTX *kekctx = NULL; const EVP_CIPHER *kekcipher; unsigned char *key = NULL; size_t keylen; @@ -331,7 +331,6 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, ec = cms->d.envelopedData->encryptedContentInfo; pwri = ri->d.pwri; - kekctx = EVP_CIPHER_CTX_new(); if (!pwri->pass) { CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_NO_PASSWORD); @@ -358,9 +357,14 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, if (!kekcipher) { CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_UNKNOWN_CIPHER); - goto err; + return 0; } + kekctx = EVP_CIPHER_CTX_new(); + if (kekctx == NULL) { + CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, ERR_R_MALLOC_FAILURE); + return 0; + } /* Fixup cipher based on AlgorithmIdentifier to set IV etc */ if (!EVP_CipherInit_ex(kekctx, kekcipher, NULL, NULL, NULL, en_de)) goto err; |