From f78746b6b5755efeb3c2eddf9bff0c18dd192319 Mon Sep 17 00:00:00 2001
From: tb <tb@openbsd.org>
Date: Tue, 22 Aug 2023 08:09:36 +0000
Subject: [PATCH] Plug a leak of ASN1_INTEGR in def_serial_cb()

ok jsing
---
 lib/libcrypto/ts/ts_rsp_sign.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/lib/libcrypto/ts/ts_rsp_sign.c b/lib/libcrypto/ts/ts_rsp_sign.c
index 84a69931060..3013cffbc5e 100644
--- a/lib/libcrypto/ts/ts_rsp_sign.c
+++ b/lib/libcrypto/ts/ts_rsp_sign.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ts_rsp_sign.c,v 1.31 2023/07/07 07:25:21 beck Exp $ */
+/* $OpenBSD: ts_rsp_sign.c,v 1.32 2023/08/22 08:09:36 tb Exp $ */
 /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
  * project 2002.
  */
@@ -98,18 +98,21 @@ static ASN1_GENERALIZEDTIME *TS_RESP_set_genTime_with_precision(
 static ASN1_INTEGER *
 def_serial_cb(struct TS_resp_ctx *ctx, void *data)
 {
-	ASN1_INTEGER *serial = ASN1_INTEGER_new();
+	ASN1_INTEGER *serial;
 
-	if (!serial)
+	if ((serial = ASN1_INTEGER_new()) == NULL)
 		goto err;
 	if (!ASN1_INTEGER_set(serial, 1))
 		goto err;
+
 	return serial;
 
-err:
+ err:
+	ASN1_INTEGER_free(serial);
 	TSerror(ERR_R_MALLOC_FAILURE);
 	TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
 	    "Error during serial number generation.");
+
 	return NULL;
 }
 
-- 
2.20.1