From 0e9eb1a57bd2e12eda7939f053240499f6169d74 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Wed, 27 Apr 2016 14:38:44 +0100
Subject: Free tempory data on error in ec_wNAF_mul()

The ec_wNAF_mul() function allocates some temporary storage that it
doesn't always free on an error condition.

Reviewed-by: Richard Levitte <levitte@openssl.org>
---
 crypto/ec/ec_mult.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'crypto/ec')

diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c
index 4215dc783a..036cdde490 100644
--- a/crypto/ec/ec_mult.c
+++ b/crypto/ec/ec_mult.c
@@ -312,6 +312,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
                     numblocks = (tmp_len + blocksize - 1) / blocksize;
                     if (numblocks > pre_comp->numblocks) {
                         ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
+                        OPENSSL_free(tmp_wNAF);
                         goto err;
                     }
                     totalnum = num + numblocks;
@@ -326,6 +327,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
                         wNAF_len[i] = blocksize;
                         if (tmp_len < blocksize) {
                             ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
+                            OPENSSL_free(tmp_wNAF);
                             goto err;
                         }
                         tmp_len -= blocksize;
-- 
cgit v1.2.3