Fix possible memory leak on BUF_MEM_grow_clean failure (3eb70c5e) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

crypto/asn1/tasn_dec.c

+6 −8

Original line number	Diff line number	Diff line
		@@ -668,7 +668,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
		long plen;
		char cst, inf, free_cont = 0;
		const unsigned char *p;
		BUF_MEM buf = { 0 };
		BUF_MEM buf = { 0, NULL, 0, 0 };
		const unsigned char *cont = NULL;
		long len;
		if (!pval) {
		@@ -744,7 +744,6 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
		} else {
		len = p - cont + plen;
		p += plen;
		buf.data = NULL;
		}
		} else if (cst) {
		if (utype == V_ASN1_NULL \|\| utype == V_ASN1_BOOLEAN
		@@ -753,9 +752,9 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
		ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_TYPE_NOT_PRIMITIVE);
		return 0;
		}
		buf.length = 0;
		buf.max = 0;
		buf.data = NULL;

		/* Free any returned 'buf' content */
		free_cont = 1;
		/*
		* Should really check the internal tags are correct but some things
		* may get this wrong. The relevant specs say that constructed string
		@@ -763,18 +762,16 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
		* So instead just check for UNIVERSAL class and ignore the tag.
		*/
		if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL, 0)) {
		free_cont = 1;
		goto err;
		}
		len = buf.length;
		/* Append a final null to string */
		if (!BUF_MEM_grow_clean(&buf, len + 1)) {
		ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_MALLOC_FAILURE);
		return 0;
		goto err;
		}
		buf.data[len] = 0;
		cont = (const unsigned char *)buf.data;
		free_cont = 1;
		} else {
		cont = p;
		len = plen;
		@@ -782,6 +779,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
		}

		/* We now have content length and type: translate into a structure */
		/* asn1_ex_c2i may reuse allocated buffer, and so sets free_cont to 0 */
		if (!asn1_ex_c2i(pval, cont, len, utype, &free_cont, it))
		goto err;