From 3cf90a6ed0ff5924618eaa5e5bb778b4d28de985 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Wed, 8 Sep 2021 14:33:02 +0000
Subject: Fix leak in cms_RecipientInfo_kekri_decrypt()
Free ec->key before reassigning it. From OpenSSL 1.1.1, 58e1e397 ok inoguchi
---
 src/lib/libcrypto/cms/cms_env.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'src/lib')
diff --git a/src/lib/libcrypto/cms/cms_env.c b/src/lib/libcrypto/cms/cms_env.c
index 74d957eee0..a88ea63662 100644
--- a/src/lib/libcrypto/cms/cms_env.c
+++ b/src/lib/libcrypto/cms/cms_env.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_env.c,v 1.23 2019/10/04 18:03:56 tb Exp $ */
+/* $OpenBSD: cms_env.c,v 1.24 2021/09/08 14:33:02 tb Exp $ */
 /*
 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
@@ -792,6 +792,7 @@ cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
 goto err;
 }
+ freezero(ec->key, ec->keylen);
 ec->key = ukey;
 ec->keylen = ukeylen;
-- 
cgit v1.2.3-55-g6feb
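Review bot: The added `freezero(ec->key, ec->keylen)` is only correct if `ec->keylen` always describes the allocation behind `ec->key`, and the hunk does not show the other places that write those two fields. The two assignments that follow keep the pair in sync here, so it is worth confirming that every other writer of `ec->key` updates `ec->keylen` in the same step and that a never-set key leaves the pointer NULL. A one-line comment above the call would record the ownership rule and why the old buffer is wiped rather than just freed, for example `/* ec takes ownership of ukey; wipe and release any key set earlier */`. The body of cms_RecipientInfo_kekri_decrypt() starts and ends outside this hunk, so the failure path that disposes of `ukey` is not visible; if it uses a plain `free()`, the unwrapped key bytes would presumably deserve the same zeroing there.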