Free {priv,pub}_key before assigning to it

While it isn't the case for the default implementations, custom DH and DSA
methods could conceivably populate private and public keys, which in turn
would result in leaks in the pub/priv decode methods.

ok jsing

1 files changed, 3 insertions, 1 deletions

diff --git a/src/lib/libcrypto/dh/dh_ameth.c b/src/lib/libcrypto/dh/dh_ameth.c
index 88fec6bf4a..ec9fe43d2b 100644
--- a/src/lib/libcrypto/dh/dh_ameth.c
+++ b/src/lib/libcrypto/dh/dh_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh_ameth.c,v 1.37 2023/08/12 07:43:48 tb Exp $ */
+/* $OpenBSD: dh_ameth.c,v 1.38 2023/08/12 07:50:47 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -111,6 +111,7 @@ dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
                 DHerror(DH_R_DECODE_ERROR);
                 goto err;
         }
+        BN_free(dh->pub_key);
         if ((dh->pub_key = ASN1_INTEGER_to_BN(aint, NULL)) == NULL) {
                 DHerror(DH_R_BN_DECODE_ERROR);
                 goto err;
@@ -223,6 +224,7 @@ dh_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8)
                 DHerror(DH_R_DECODE_ERROR);
                 goto err;
         }
+        BN_free(dh->priv_key);
         if ((dh->priv_key = ASN1_INTEGER_to_BN(aint, NULL)) == NULL) {
                 DHerror(DH_R_BN_DECODE_ERROR);
                 goto err;