From b141d89b27e52c3a8e76ca79ec5201d001f4fce9 Mon Sep 17 00:00:00 2001
From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Mon, 3 Sep 2018 09:43:45 +0200
Subject: [PATCH] Release memory in case of error in the OpenSSL ECDSA
 constructor

The current code will only fail to release the allocated memory if
called with an invalid algorithm, which won't happen, or if a
memory allocation fails in which case this might not matter much.
Still, it's cleaner to release the memory properly and might avoid
mistakes later if we look at this code while implementing a new
crypto backend.
---
 pdns/opensslsigners.cc | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/pdns/opensslsigners.cc b/pdns/opensslsigners.cc
index daff5a538..6a2e85694 100644
--- a/pdns/opensslsigners.cc
+++ b/pdns/opensslsigners.cc
@@ -616,14 +616,19 @@ public:
       d_ecgroup = EC_GROUP_new_by_curve_name(NID_secp384r1);
       d_len = 48;
     } else {
+      EC_KEY_free(d_eckey);
       throw runtime_error(getName()+" unknown algorithm "+std::to_string(d_algorithm));
     }
+
     if (d_ecgroup == NULL) {
+      EC_KEY_free(d_eckey);
       throw runtime_error(getName()+" allocation of group structure failed");
     }
 
-    ret = EC_KEY_set_group(d_eckey,d_ecgroup);
+    ret = EC_KEY_set_group(d_eckey, d_ecgroup);
     if (ret != 1) {
+      EC_KEY_free(d_eckey);
+      EC_GROUP_free(d_ecgroup);
       throw runtime_error(getName()+" setting key group failed");
     }
 
-- 
2.40.0