From 0003a167c3fd3fe35024c6c039029e7b4d7ece69 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Tue, 18 Mar 2025 12:48:11 +0000
Subject: PKCS7_signatureVerify(): add missing free after EVP_VerifyUpdate()

From Nils Dossche
---
 src/lib/libcrypto/pkcs7/pk7_doit.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/lib/libcrypto/pkcs7/pk7_doit.c b/src/lib/libcrypto/pkcs7/pk7_doit.c
index e1c075f15a..291a7316f6 100644
--- a/src/lib/libcrypto/pkcs7/pk7_doit.c
+++ b/src/lib/libcrypto/pkcs7/pk7_doit.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pk7_doit.c,v 1.57 2024/11/30 10:01:31 tb Exp $ */
+/* $OpenBSD: pk7_doit.c,v 1.58 2025/03/18 12:48:11 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1067,8 +1067,10 @@ PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, X509 *x509)
 			ret = -1;
 			goto err;
 		}
-		if (!EVP_VerifyUpdate(&mdc_tmp, abuf, alen))
+		if (!EVP_VerifyUpdate(&mdc_tmp, abuf, alen)) {
+			free(abuf);
 			goto err;
+		}
 
 		free(abuf);
 	}
-- 
cgit v1.2.3-55-g6feb