Commit 2ddfe60b authored May 01, 2018 by Matt Caswell

Fix a mem leak in CMS



The function CMS_RecipientInfo_set0_pkey() is a "set0" and therefore
memory management passes to OpenSSL. If the same function is called again
then we should ensure that any previous value that was set is freed first
before we set it again.

Fixes #5052

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6142)

(cherry picked from commit 3d551b20)

parent 414d19d0

crypto/cms/cms_env.c

+1 −0

Original line number	Diff line number	Diff line
		@@ -282,6 +282,7 @@ int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo ri, EVP_PKEY pkey)
		CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY, CMS_R_NOT_KEY_TRANSPORT);
		return 0;
		}
		EVP_PKEY_free(ri->d.ktri->pkey);
		ri->d.ktri->pkey = pkey;
		return 1;
		}

crypto/cms/cms_smime.c

+1 −0

Original line number	Diff line number	Diff line
		@@ -631,6 +631,7 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo cms, EVP_PKEY pk, X509 *cert)
		* all.
		*/
		else if (!cert \|\| !CMS_RecipientInfo_ktri_cert_cmp(ri, cert)) {
		EVP_PKEY_up_ref(pk);
		CMS_RecipientInfo_set0_pkey(ri, pk);
		r = CMS_RecipientInfo_decrypt(cms, ri);
		CMS_RecipientInfo_set0_pkey(ri, NULL);