[PATCH] libressl: fix memory leak in PKCS7_signatureVerify on error
Hi
This patch fixes a memory leak when an error occurs in PKCS7_signatureVerify in libressl.
This issue was found via an experimental static analyzer I'm working on,
and I manually read the code to verify whether this is a real bug or not.
---------------------------------------------------------------------------
diff --git a/pk7_doit.c b/pk7_doit.c
index e1c075f..0844d23 100644
--- a/pk7_doit.c
+++ b/pk7_doit.c
@@ -1067,8 +1067,10 @@ PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, X509 *x509)
ret = -1;
goto err;
}
- if (!EVP_VerifyUpdate(&mdc_tmp, abuf, alen))
+ if (!EVP_VerifyUpdate(&mdc_tmp, abuf, alen)) {
+ free(abuf);
goto err;
+ }
free(abuf);
}
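Review bot: In the new EVP_VerifyUpdate failure branch, free(abuf) now appears twice, once before goto err and once on the success path just below it. Consider storing the result of EVP_VerifyUpdate(&mdc_tmp, abuf, alen) in a local variable, calling free(abuf) once, and then testing the stored result, so that every exit from this block releases the buffer through a single statement and a later edit cannot reintroduce the leak. Separately, the branch just above this one sets ret = -1 before goto err, while this branch jumps to err without assigning ret. The hunk does not show what ret holds at this point, so it is worth confirming that the value returned on an EVP_VerifyUpdate failure is the intended one.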