If EVP_Digest() fails, str is leaked.
This is part of the combo-diff 83b4049ab75e9da1815e9c854a9297bca3d4af6b
some more of which may also apply to us, but I'm still disentangling it.
See also https://github.com/openssl/openssl/issues/2111
Index: lib/libcrypto/asn1/a_digest.c
===================================================================
RCS file: /var/cvs/src/lib/libcrypto/asn1/a_digest.c,v
retrieving revision 1.15
diff -u -p -r1.15 a_digest.c
--- lib/libcrypto/asn1/a_digest.c 11 Jul 2014 08:44:47 -0000 1.15
+++ lib/libcrypto/asn1/a_digest.c 5 Apr 2018 16:46:22 -0000
@@ -77,8 +77,11 @@ ASN1_item_digest(const ASN1_ITEM *it, co
if (!str)
return (0);
- if (!EVP_Digest(str, i, md, len, type, NULL))
- return 0;
+ if (!EVP_Digest(str, i, md, len, type, NULL)) {
+ free(str);
+ return (0);
+ }
+
free(str);
return (1);
}
