root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

Fix memleak in rsa_cms_decrypt 

If a call to EVP_PKEY_CTX_set_rsa_mgf1_md() fails then the caller
needs to free the label.

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20319)

(cherry picked from commit d32dd65053)
This commit is contained in:
slontis 2023-02-17 09:51:59 +10:00 committed by Tomas Mraz
parent a9bc7b9287
commit 90e3a8cadc
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
crypto/cms/cms_rsa.c
View File

@ -99,8 +99,10 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0)
goto err;
if (label != NULL
&& EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, label, labellen) <= 0)
&& EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, label, labellen) <= 0) {
OPENSSL_free(label);
goto err;
}
/* Carry on */
rv = 1;