Download raw body.
[PATCH] libressl: fix memory leak in CMS_EncryptedData_encrypt on error
Hi
This patch fixes a memory leak when an error occurs in
CMS_EncryptedData_encrypt when calling CMS_EncryptedData_set1_key in
libressl.
This issue was found via an experimental static analyzer I'm working on,
and I manually read the code to verify whether this is a real bug or not.
---------------------------------------------------------------------------
diff --git lib/libcrypto/cms/cms_smime.c lib/libcrypto/cms/cms_smime.c
index 85a0e6f6e50..bc105382b36 100644
--- lib/libcrypto/cms/cms_smime.c
+++ lib/libcrypto/cms/cms_smime.c
@@ -286,8 +286,10 @@ CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER
*cipher,
cms = CMS_ContentInfo_new();
if (cms == NULL)
return NULL;
- if (!CMS_EncryptedData_set1_key(cms, cipher, key, keylen))
+ if (!CMS_EncryptedData_set1_key(cms, cipher, key, keylen)) {
+ CMS_ContentInfo_free(cms);
return NULL;
+ }
if (!(flags & CMS_DETACHED))
CMS_set_detached(cms, 0);
[PATCH] libressl: fix memory leak in CMS_EncryptedData_encrypt on error