Fix potential memory leak in PKCS12_add_key_ex()

p8 is allocated using EVP_PKEY2PKCS8(), but when PKCS8_add_keyusage() fails this memory is not freed. Fix this by adding a call to PKCS8_PRIV_KEY_INFO_free(). Reviewed-by: Frederik Wedel-Heinen <[email protected]> Reviewed-by: Hugo Landau <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#25818) (cherry picked from commit f822a48)
bernd-edlinger · Jan 10, 2025 · dd8879a · dd8879a
1 parent 84443b9
commit dd8879a
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/crypto/pkcs12/p12_crt.c b/crypto/pkcs12/p12_crt.c
@@ -180,8 +180,10 @@ PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
     /* Make a PKCS#8 structure */
     if ((p8 = EVP_PKEY2PKCS8(key)) == NULL)
         goto err;
-    if (key_usage && !PKCS8_add_keyusage(p8, key_usage))
+    if (key_usage && !PKCS8_add_keyusage(p8, key_usage)) {
+        PKCS8_PRIV_KEY_INFO_free(p8);
         goto err;
+    }
     if (nid_key != -1) {
         bag = PKCS12_SAFEBAG_create_pkcs8_encrypt(nid_key, pass, -1, NULL, 0,
                                                   iter, p8);