diff options
author | Matt Caswell <matt@openssl.org> | 2016-04-27 13:52:37 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2016-04-28 13:13:09 +0100 |
commit | 204cf9406e8f8cd1e3748e69a19e35bf0c224443 (patch) | |
tree | d1d3fa1a51a161ec4d10faee59f47ef67be9dea1 /crypto/pem | |
parent | a4e584a610e4a73f1fd7edef7e5b301c0be18bbf (diff) | |
download | openssl-204cf9406e8f8cd1e3748e69a19e35bf0c224443.tar.gz |
Don't leak memory on error in b2i_rsa
The b2i_rsa() function uses a number of temporary local variables which
get leaked on an error path.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'crypto/pem')
-rw-r--r-- | crypto/pem/pvkfmt.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c index 634cc5924d..85ab677a21 100644 --- a/crypto/pem/pvkfmt.c +++ b/crypto/pem/pvkfmt.c @@ -356,6 +356,7 @@ static EVP_PKEY *b2i_rsa(const unsigned char **in, const unsigned char *pin = *in; EVP_PKEY *ret = NULL; BIGNUM *e = NULL, *n = NULL, *d = NULL; + BIGNUM *p = NULL, *q = NULL, *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL; RSA *rsa = NULL; unsigned int nbyte, hnbyte; nbyte = (bitlen + 7) >> 3; @@ -372,7 +373,6 @@ static EVP_PKEY *b2i_rsa(const unsigned char **in, if (!read_lebn(&pin, nbyte, &n)) goto memerr; if (!ispub) { - BIGNUM *p = NULL, *q = NULL, *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL; if (!read_lebn(&pin, hnbyte, &p)) goto memerr; if (!read_lebn(&pin, hnbyte, &q)) @@ -396,6 +396,14 @@ static EVP_PKEY *b2i_rsa(const unsigned char **in, return ret; memerr: PEMerr(PEM_F_B2I_RSA, ERR_R_MALLOC_FAILURE); + BN_free(e); + BN_free(n); + BN_free(p); + BN_free(q); + BN_free(dmp1); + BN_free(dmq1); + BN_free(iqmp); + BN_free(d); RSA_free(rsa); EVP_PKEY_free(ret); return NULL; |