From: Niels Dossche
Subject: [PATCH] libressl: fix memory leak in PKCS7_signatureVerify on error
To: tech@openbsd.org
Date: Tue, 18 Mar 2025 13:41:27 +0100

Hi

This patch fixes a memory leak when an error occurs in PKCS7_signatureVerify in libressl. This issue was found via an experimental static analyzer I'm working on, and I manually read the code to verify whether this is a real bug or not.

---------------------------------------------------------------------------

diff --git a/pk7_doit.c b/pk7_doit.c index e1c075f..0844d23 100644 --- a/pk7_doit.c +++ b/pk7_doit.c @@ -1067,8 +1067,10 @@ PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, X509 *x509) ret = -1; goto err; } - if (!EVP_VerifyUpdate(&mdc_tmp, abuf, alen)) + if (!EVP_VerifyUpdate(&mdc_tmp, abuf, alen)) { + free(abuf); goto err; + } free(abuf); }
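Review bot: the leak fix is correct, but freeing abuf both inside the new failure branch and on the fall-through leaves two free sites for one buffer; capturing the result first and freeing once, e.g. `int ok = EVP_VerifyUpdate(&mdc_tmp, abuf, alen); free(abuf); if (!ok) goto err;`, keeps a single free so a later edit to the error path cannot reintroduce the leak. Separately, the error path visible just above in the context sets `ret = -1` before `goto err`, while this one jumps with ret unchanged; that is pre-existing behaviour rather than something this patch introduces, but it is worth confirming that ret's initial value is the failure code callers of PKCS7_signatureVerify expect.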