From: tobhe <tobhe@openbsd.org>
Date: Wed, 9 Nov 2022 01:05:45 +0000 (+0000)
Subject: Fix possible memory leak in BN_mpi2bn() if BN_bin2bn() fails.
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=3ecdf8b229f1571d510e13e9d0ed37ab7c84e1fa;p=openbsd

Fix possible memory leak in BN_mpi2bn() if BN_bin2bn() fails.

found with CodeChecker
feedback from millert@
ok tb@
---

diff --git a/lib/libcrypto/bn/bn_mpi.c b/lib/libcrypto/bn/bn_mpi.c
index 4801192b50d..9b743cca8ce 100644
--- a/lib/libcrypto/bn/bn_mpi.c
+++ b/lib/libcrypto/bn/bn_mpi.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_mpi.c,v 1.8 2017/01/29 17:49:22 beck Exp $ */
+/* $OpenBSD: bn_mpi.c,v 1.9 2022/11/09 01:05:45 tobhe Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -92,8 +92,9 @@ BN_bn2mpi(const BIGNUM *a, unsigned char *d)
 }
 
 BIGNUM *
-BN_mpi2bn(const unsigned char *d, int n, BIGNUM *a)
+BN_mpi2bn(const unsigned char *d, int n, BIGNUM *ain)
 {
+	BIGNUM *a = ain;
 	long len;
 	int neg = 0;
 
@@ -121,8 +122,11 @@ BN_mpi2bn(const unsigned char *d, int n, BIGNUM *a)
 	d += 4;
 	if ((*d) & 0x80)
 		neg = 1;
-	if (BN_bin2bn(d, (int)len, a) == NULL)
+	if (BN_bin2bn(d, (int)len, a) == NULL) {
+		if (ain == NULL)
+			BN_free(a);
 		return (NULL);
+	}
 	a->neg = neg;
 	if (neg) {
 		BN_clear_bit(a, BN_num_bits(a) - 1);