From 29f4c357f045562d7eb7837ae890efc1bf4809a2 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Wed, 27 Apr 2016 13:18:38 +0100 Subject: [PATCH] Don't leak memory on error in cms_RecipientInfo_pwri_crypt The cms_RecipientInfo_pwri_crypt() allocated an EVP_CIPHER_CTX but then failed to free it in some error paths. By allocating it a bit later that can be avoided. Reviewed-by: Richard Levitte --- crypto/cms/cms_pwri.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c index 5ab20e2bfa..3e1328ccea 100644 --- a/crypto/cms/cms_pwri.c +++ b/crypto/cms/cms_pwri.c @@ -323,7 +323,7 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, CMS_PasswordRecipientInfo *pwri; int r = 0; X509_ALGOR *algtmp, *kekalg = NULL; - EVP_CIPHER_CTX *kekctx; + EVP_CIPHER_CTX *kekctx = NULL; const EVP_CIPHER *kekcipher; unsigned char *key = NULL; size_t keylen; @@ -331,7 +331,6 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, ec = cms->d.envelopedData->encryptedContentInfo; pwri = ri->d.pwri; - kekctx = EVP_CIPHER_CTX_new(); if (!pwri->pass) { CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_NO_PASSWORD); @@ -358,9 +357,14 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, if (!kekcipher) { CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_UNKNOWN_CIPHER); - goto err; + return 0; } + kekctx = EVP_CIPHER_CTX_new(); + if (kekctx == NULL) { + CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, ERR_R_MALLOC_FAILURE); + return 0; + } /* Fixup cipher based on AlgorithmIdentifier to set IV etc */ if (!EVP_CipherInit_ex(kekctx, kekcipher, NULL, NULL, NULL, en_de)) goto err; -- 2.40.0