The EVP_MD_CTX is allocated using EVP_MD_CTX_new() but is never freed.
ctx must also be initialized to NULL, otherwise EVP_MD_CTX_free(ctx) could
segfault.
---
src/jws.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/jws.c b/src/jws.c
index d83ce9b96..7a4d83e6f 100644
--- a/src/jws.c
+++ b/src/jws.c
@@ -356,7 +356,7 @@ enum jwt_alg EVP_PKEY_to_jws_alg(EVP_PKEY *pkey)
*/
size_t jws_b64_signature(EVP_PKEY *pkey, enum jwt_alg alg, char *b64protected,
char *b64payload, char *dst, size_t dsize)
{
- EVP_MD_CTX *ctx;
+ EVP_MD_CTX *ctx = NULL;
const EVP_MD *evp_md = NULL;
int ret = 0;
struct buffer *sign = NULL;
@@ -450,6 +450,7 @@ size_t jws_b64_signature(EVP_PKEY *pkey, enum jwt_alg alg,
char *b64protected, c
ret = a2base64url(sign->area, sign->data, dst, dsize);
out:
+ EVP_MD_CTX_free(ctx);
free_trash_chunk(sign);
if (ret > 0)
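Review bot: The new `EVP_MD_CTX_free(ctx);` under `out:` is only safe if `ctx` is NULL or a live context on every path that jumps there, and nothing in the code states that invariant. A short comment above the call would keep it visible to the next person who edits this function, e.g. `/* ctx stays NULL until EVP_MD_CTX_new() succeeds; EVP_MD_CTX_free(NULL) is a no-op */`. The body between the two hunks is not shown, so I cannot confirm that no path frees or reassigns `ctx` before reaching `out:`. If one does, it should reset `ctx = NULL` so the shared cleanup cannot free it twice.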
--
2.52.0