Commit 3d551b20 authored by Matt Caswell's avatar Matt Caswell
Browse files

Fix a mem leak in CMS 



The function CMS_RecipientInfo_set0_pkey() is a "set0" and therefore
memory management passes to OpenSSL. If the same function is called again
then we should ensure that any previous value that was set is freed first
before we set it again.

Fixes #5052

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6142)
parent 4ffc1842

crypto/cms/cms_env.c

+1 −0
Original line number Diff line number Diff line
@@ -282,6 +282,7 @@ int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey) 
        CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY, CMS_R_NOT_KEY_TRANSPORT);

        return 0;

    }

    EVP_PKEY_free(ri->d.ktri->pkey);

    ri->d.ktri->pkey = pkey;

    return 1;

}

crypto/cms/cms_smime.c

+1 −0
Original line number Diff line number Diff line
@@ -631,6 +631,7 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert) 
         * all.

         */

        else if (!cert || !CMS_RecipientInfo_ktri_cert_cmp(ri, cert)) {

            EVP_PKEY_up_ref(pk);

            CMS_RecipientInfo_set0_pkey(ri, pk);

            r = CMS_RecipientInfo_decrypt(cms, ri);

            CMS_RecipientInfo_set0_pkey(ri, NULL);