The branch master has been updated
via adc9086beb21a91ca59aaf0c619b38b82c223f9b (commit)
from 1f457256ce6a1b2fd7e3f62eee8faa74cd5c835e (commit)
- Log -----------------------------------------------------------------
commit adc9086beb21a91ca59aaf0c619b38b82c223f9b
Author: kinichiro <[email protected]>
Date: Sun Jan 12 17:35:39 2020 +0900
Avoid leak in error path of PKCS5_PBE_keyivgen
CLA: trivial
Reviewed-by: Matt Caswell <[email protected]>
Reviewed-by: Matthias St. Pierre <[email protected]>
Reviewed-by: Tomas Mraz <[email protected]>
(Merged from https://github.com/openssl/openssl/pull/10816)
-----------------------------------------------------------------------
Summary of changes:
crypto/evp/p5_crpt.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/crypto/evp/p5_crpt.c b/crypto/evp/p5_crpt.c
index 272643cf37..6218c17ce2 100644
--- a/crypto/evp/p5_crpt.c
+++ b/crypto/evp/p5_crpt.c
@@ -51,11 +51,13 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char
*pass, int passlen,
ivl = EVP_CIPHER_iv_length(cipher);
if (ivl < 0 || ivl > 16) {
EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_INVALID_IV_LENGTH);
+ PBEPARAM_free(pbe);
return 0;
}
kl = EVP_CIPHER_key_length(cipher);
if (kl < 0 || kl > (int)sizeof(md_tmp)) {
EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_INVALID_KEY_LENGTH);
+ PBEPARAM_free(pbe);
return 0;
}
@@ -84,6 +86,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char
*pass, int passlen,
if (!EVP_DigestUpdate(ctx, salt, saltlen))
goto err;
PBEPARAM_free(pbe);
+ pbe = NULL;
if (!EVP_DigestFinal_ex(ctx, md_tmp, NULL))
goto err;
mdsize = EVP_MD_size(md);
@@ -106,6 +109,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char
*pass, int passlen,
OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
rv = 1;
err:
+ PBEPARAM_free(pbe);
EVP_MD_CTX_free(ctx);
return rv;
}
