From b904925934b9c033c83089cd3b396ae763a5ea3f Mon Sep 17 00:00:00 2001
From: tb <>
Date: Sat, 30 Nov 2024 10:01:31 +0000
Subject: Don't leak the abuf on error in PKCS7_dataFinal()

ok beck miod
---
 src/lib/libcrypto/pkcs7/pk7_doit.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/lib/libcrypto/pkcs7/pk7_doit.c b/src/lib/libcrypto/pkcs7/pk7_doit.c
index 3cc7add66f..e1c075f15a 100644
--- a/src/lib/libcrypto/pkcs7/pk7_doit.c
+++ b/src/lib/libcrypto/pkcs7/pk7_doit.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pk7_doit.c,v 1.56 2024/02/18 15:45:42 tb Exp $ */
+/* $OpenBSD: pk7_doit.c,v 1.57 2024/11/30 10:01:31 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -813,6 +813,7 @@ PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
 				if (!EVP_SignFinal(&ctx_tmp, abuf, &abuflen,
 				    si->pkey)) {
 					PKCS7error(ERR_R_EVP_LIB);
+					free(abuf);
 					goto err;
 				}
 				ASN1_STRING_set0(si->enc_digest, abuf, abuflen);
-- 
cgit v1.2.3-55-g6feb