From 3cd888acd571765f2f8c29ab7d8deda4b929eb51 Mon Sep 17 00:00:00 2001
From: tb
Date: Wed, 8 Sep 2021 14:33:02 +0000
Subject: [PATCH] Fix leak in cms_RecipientInfo_kekri_decrypt()
Free ec->key before reassigning it.
From OpenSSL 1.1.1, 58e1e397
ok inoguchi
---
 lib/libcrypto/cms/cms_env.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/libcrypto/cms/cms_env.c b/lib/libcrypto/cms/cms_env.c
index 74d957eee08..a88ea636620 100644
--- a/lib/libcrypto/cms/cms_env.c
+++ b/lib/libcrypto/cms/cms_env.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_env.c,v 1.23 2019/10/04 18:03:56 tb Exp $ */
+/* $OpenBSD: cms_env.c,v 1.24 2021/09/08 14:33:02 tb Exp $ */
 /*
 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
@@ -792,6 +792,7 @@ cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
 goto err;
 }
+ freezero(ec->key, ec->keylen);
 ec->key = ukey;
 ec->keylen = ukeylen;
-- 
2.20.1
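Review bot: The added `freezero(ec->key, ec->keylen);` line in the second hunk should carry a one-line comment saying why the old buffer is wiped rather than just freed, for example `/* ec->key may still hold an earlier content-encryption key; wipe it before replacing. */`, so a later cleanup does not reduce it to a plain free(). The call relies on ec->keylen still describing the old buffer, which holds in the visible lines because keylen is only overwritten after the reassignment. The body of cms_RecipientInfo_kekri_decrypt() starts and ends outside this hunk, so two things cannot be confirmed from here and are worth checking. One is whether the err path releases an unused ukey with the same zeroing. The other is whether the other RecipientInfo decrypt paths in cms_env.c that assign ec->key release the previous key first.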