Commit 8e588e28 authored by Matt Caswell's avatar Matt Caswell
Browse files

Don't leak memory on error in i2b_PVK 



The i2b_PVK function leaked a number of different memory allocations on
error paths (and even some non-error paths).

Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
parent 204cf940

crypto/pem/pvkfmt.c

+14 −8
Original line number Diff line number Diff line
@@ -807,26 +807,29 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY *pk, int enclevel, 
{

    int outlen = 24, pklen;

    unsigned char *p, *salt = NULL;

    EVP_CIPHER_CTX *cctx = EVP_CIPHER_CTX_new();

    EVP_CIPHER_CTX *cctx = NULL;

    if (enclevel)

        outlen += PVK_SALTLEN;

    pklen = do_i2b(NULL, pk, 0);

    if (pklen < 0)

        return -1;

    outlen += pklen;

    if (!out)

    if (out == NULL)

        return outlen;

    if (*out)

    if (*out != NULL) {

        p = *out;

    else {

    } else {

        p = OPENSSL_malloc(outlen);

        if (p == NULL) {

            PEMerr(PEM_F_I2B_PVK, ERR_R_MALLOC_FAILURE);

            return -1;

        }

        *out = p;

    }



    cctx = EVP_CIPHER_CTX_new();

    if (cctx == NULL)

        return -1;



    write_ledword(&p, MS_PVKMAGIC);

    write_ledword(&p, 0);

    if (EVP_PKEY_id(pk) == EVP_PKEY_DSA)
@@ -843,9 +846,7 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY *pk, int enclevel, 
        p += PVK_SALTLEN;

    }

    do_i2b(&p, pk, 0);

    if (enclevel == 0)

        return outlen;

    else {

    if (enclevel != 0) {

        char psbuf[PEM_BUFSIZE];

        unsigned char keybuf[20];

        int enctmplen, inlen;
@@ -871,7 +872,12 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY *pk, int enclevel, 
        if (!EVP_DecryptFinal_ex(cctx, p + enctmplen, &enctmplen))

            goto error;

    }



    EVP_CIPHER_CTX_free(cctx);



    if (*out == NULL)

        *out = p;



    return outlen;



 error: