diff options
author | Kazuki Yamaguchi <k@rhe.jp> | 2020-06-12 14:12:59 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2021-04-04 23:40:11 +0900 |
commit | 99e863051851852411920047c7803b425564426a (patch) | |
tree | 94a1712a348a0e9d09554220698f8f769f47c1c7 /ext/openssl | |
parent | 11801ad6b12895329e00220599fba100746a9137 (diff) | |
download | ruby-openssl-99e863051851852411920047c7803b425564426a.tar.gz |
pkey: fix potential memory leak in PKey#sign
Fix potential leak of EVP_MD_CTX object in an error path. This path is
normally unreachable, since the size of a signature generated by any
supported algorithms would not be larger than LONG_MAX.
Diffstat (limited to 'ext/openssl')
-rw-r--r-- | ext/openssl/ossl_pkey.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c index 1c1f80bf..d3c65a4b 100644 --- a/ext/openssl/ossl_pkey.c +++ b/ext/openssl/ossl_pkey.c @@ -815,8 +815,10 @@ ossl_pkey_sign(VALUE self, VALUE digest, VALUE data) EVP_MD_CTX_free(ctx); ossl_raise(ePKeyError, "EVP_DigestSign"); } - if (siglen > LONG_MAX) + if (siglen > LONG_MAX) { + EVP_MD_CTX_free(ctx); rb_raise(ePKeyError, "signature would be too large"); + } sig = ossl_str_new(NULL, (long)siglen, &state); if (state) { EVP_MD_CTX_free(ctx); @@ -837,8 +839,10 @@ ossl_pkey_sign(VALUE self, VALUE digest, VALUE data) EVP_MD_CTX_free(ctx); ossl_raise(ePKeyError, "EVP_DigestSignFinal"); } - if (siglen > LONG_MAX) + if (siglen > LONG_MAX) { + EVP_MD_CTX_free(ctx); rb_raise(ePKeyError, "signature would be too large"); + } sig = ossl_str_new(NULL, (long)siglen, &state); if (state) { EVP_MD_CTX_free(ctx); |