From: tb <tb@openbsd.org>
Date: Fri, 5 Jan 2024 10:14:08 +0000 (+0000)
Subject: Plug a leak in EVP_read_pw_string_min()
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=b0c223ce4f926903eec27a8fc579e23e5eea573c;p=openbsd

Plug a leak in EVP_read_pw_string_min()

Use an error exit that frees the ui in case the UI_add_* fail. Also add
a few empty lines for readability.

ok joshua
---

diff --git a/lib/libcrypto/evp/evp_key.c b/lib/libcrypto/evp/evp_key.c
index 2f6e7e70cc2..16c002fe677 100644
--- a/lib/libcrypto/evp/evp_key.c
+++ b/lib/libcrypto/evp/evp_key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_key.c,v 1.30 2023/07/07 19:37:53 beck Exp $ */
+/* $OpenBSD: evp_key.c,v 1.31 2024/01/05 10:14:08 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -99,30 +99,35 @@ int
 EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt,
     int verify)
 {
-	int ret;
+	UI *ui = NULL;
 	char buff[BUFSIZ];
-	UI *ui;
+	int ret = -1;
 
 	if (len > BUFSIZ)
 		len = BUFSIZ;
 	/* Ensure that 0 <= min <= len - 1. In particular, 1 <= len. */
 	if (min < 0 || len - 1 < min)
-		return -1;
+		goto err;
+
 	if ((prompt == NULL) && (prompt_string[0] != '\0'))
 		prompt = prompt_string;
-	ui = UI_new();
-	if (ui == NULL)
-		return -1;
+
+	if ((ui = UI_new()) == NULL)
+		goto err;
 	if (UI_add_input_string(ui, prompt, 0, buf, min, len - 1) < 0)
-		return -1;
+		goto err;
 	if (verify) {
 		if (UI_add_verify_string(ui, prompt, 0, buff, min, len - 1, buf)
 		    < 0)
-			return -1;
+			goto err;
 	}
+
 	ret = UI_process(ui);
+
+ err:
 	UI_free(ui);
 	explicit_bzero(buff, BUFSIZ);
+
 	return ret;
 }