1berry/openssl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix memory leaks after failure of PKCS7_add_signed_attribute()

Browse Source 
If PKCS7_add_signed_attribute fails,
seq never escapes out of the callee and will
therefore result in a memory leak.
This is similar to ed3d277127.

CLA: trivial

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27670)
This commit is contained in:
widneve 2025-05-20 16:23:09 +02:00 committed by Tomas Mraz
parent afd32bcb54
commit 6543f34dda
1 changed files with 12 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
crypto/ts/ts_rsp_sign.c
View File

@ -648,8 +648,12 @@ static int ossl_ess_add1_signing_cert(PKCS7_SIGNER_INFO *si,
}
OPENSSL_free(pp);
return PKCS7_add_signed_attribute(si, NID_id_smime_aa_signingCertificate,
V_ASN1_SEQUENCE, seq);
if (!PKCS7_add_signed_attribute(si, NID_id_smime_aa_signingCertificate,
V_ASN1_SEQUENCE, seq)) {
ASN1_STRING_free(seq);
return 0;
}
return 1;
}
static int ossl_ess_add1_signing_cert_v2(PKCS7_SIGNER_INFO *si,
@ -671,8 +675,12 @@ static int ossl_ess_add1_signing_cert_v2(PKCS7_SIGNER_INFO *si,
}
OPENSSL_free(pp);
return PKCS7_add_signed_attribute(si, NID_id_smime_aa_signingCertificateV2,
V_ASN1_SEQUENCE, seq);
if (!PKCS7_add_signed_attribute(si, NID_id_smime_aa_signingCertificateV2,
V_ASN1_SEQUENCE, seq)) {
ASN1_STRING_free(seq);
return 0;
}
return 1;
}
static int ts_RESP_sign(TS_RESP_CTX *ctx)