From: Matt Caswell <matt@openssl.org>
Date: Wed, 27 Apr 2016 12:18:38 +0000 (+0100)
Subject: Don't leak memory on error in cms_RecipientInfo_pwri_crypt
X-Git-Tag: OpenSSL_1_1_0-pre6~1033
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=29f4c357f045562d7eb7837ae890efc1bf4809a2;p=openssl

Don't leak memory on error in cms_RecipientInfo_pwri_crypt

The cms_RecipientInfo_pwri_crypt() allocated an EVP_CIPHER_CTX but then
failed to free it in some error paths. By allocating it a bit later that
can be avoided.

Reviewed-by: Richard Levitte <levitte@openssl.org>
---

diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c
index 5ab20e2bfa..3e1328ccea 100644
--- a/crypto/cms/cms_pwri.c
+++ b/crypto/cms/cms_pwri.c
@@ -323,7 +323,7 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
     CMS_PasswordRecipientInfo *pwri;
     int r = 0;
     X509_ALGOR *algtmp, *kekalg = NULL;
-    EVP_CIPHER_CTX *kekctx;
+    EVP_CIPHER_CTX *kekctx = NULL;
     const EVP_CIPHER *kekcipher;
     unsigned char *key = NULL;
     size_t keylen;
@@ -331,7 +331,6 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
     ec = cms->d.envelopedData->encryptedContentInfo;
 
     pwri = ri->d.pwri;
-    kekctx = EVP_CIPHER_CTX_new();
 
     if (!pwri->pass) {
         CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_NO_PASSWORD);
@@ -358,9 +357,14 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
 
     if (!kekcipher) {
         CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_UNKNOWN_CIPHER);
-        goto err;
+        return 0;
     }
 
+    kekctx = EVP_CIPHER_CTX_new();
+    if (kekctx == NULL) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
     /* Fixup cipher based on AlgorithmIdentifier to set IV etc */
     if (!EVP_CipherInit_ex(kekctx, kekcipher, NULL, NULL, NULL, en_de))
         goto err;