From 030b3661ae673f11f7652c6786ab1cb1c7c2e34c Mon Sep 17 00:00:00 2001
From: tb <>
Date: Fri, 6 Apr 2018 09:19:36 +0000
Subject: Avoid leaking str if EVP_Digest() fails. Found and fixed by Bernd
 Edlinger as part of OpenSSL commit 83b4049ab75e9da1815e9c854a9297bca3d4af6b

ok jsing, deraadt, bcook
---
 src/lib/libcrypto/asn1/a_digest.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

(limited to 'src/lib')

diff --git a/src/lib/libcrypto/asn1/a_digest.c b/src/lib/libcrypto/asn1/a_digest.c
index 085a57d811..5b95adf115 100644
--- a/src/lib/libcrypto/asn1/a_digest.c
+++ b/src/lib/libcrypto/asn1/a_digest.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: a_digest.c,v 1.15 2014/07/11 08:44:47 jsing Exp $ */
+/* $OpenBSD: a_digest.c,v 1.16 2018/04/06 09:19:36 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -77,8 +77,11 @@ ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn,
 	if (!str)
 		return (0);
 
-	if (!EVP_Digest(str, i, md, len, type, NULL))
-		return 0;
+	if (!EVP_Digest(str, i, md, len, type, NULL)) {
+		free(str);
+		return (0);
+	}
+
 	free(str);
 	return (1);
 }
-- 
cgit v1.2.3-55-g6feb