[openssl.org #2531] small memory leak in t1_lib

Marcus Meissner via RT Tue, 24 May 2011 12:19:06 -0700

Hi,

probably not triggers in real life conditions.
also spotted by Coverity, untested.


--- ssl/t1_lib.c.xx     2011-05-18 15:50:08.000000000 +0000
+++ ssl/t1_lib.c        2011-05-18 15:50:22.000000000 +0000
@@ -1714,8 +1714,10 @@
                return -1;
                }
        EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen);
-       if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0)
+       if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0) {
+               OPENSSL_free(sdec);
                goto tickerr;
+       }
        slen += mlen;
        EVP_CIPHER_CTX_cleanup(&ctx);
        p = sdec;

Ciao, Marcus

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]

[openssl.org #2531] small memory leak in t1_lib

Reply via email to