Fix a mem leak in CMS

The function CMS_RecipientInfo_set0_pkey() is a "set0" and therefore memory management passes to OpenSSL. If the same function is called again then we should ensure that any previous value that was set is freed first before we set it again. Fixes #5052 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6142)
author: Matt Caswell <matt@openssl.org> 2018-05-01 10:29:17 +0200
committer: Matt Caswell <matt@openssl.org> 2018-05-08 09:43:39 +0200
commit: 3d551b20df1acd01f80d3ae00d37177e0fdf344a (patch)
tree: d480b063cc81fd3d432ef4c69a0f8ab49b049cf7 /crypto/cms/cms_smime.c
parent: windows-makefile.tmpl: rearrange cleanup commands to avoid ... (diff)
download: openssl-3d551b20df1acd01f80d3ae00d37177e0fdf344a.tar.xz
openssl-3d551b20df1acd01f80d3ae00d37177e0fdf344a.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c
index 7e7b6e5d4f..76883bfb9b 100644
--- a/crypto/cms/cms_smime.c
+++ b/crypto/cms/cms_smime.c
@@ -631,6 +631,7 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
          * all.
          */
         else if (!cert || !CMS_RecipientInfo_ktri_cert_cmp(ri, cert)) {
+            EVP_PKEY_up_ref(pk);
             CMS_RecipientInfo_set0_pkey(ri, pk);
             r = CMS_RecipientInfo_decrypt(cms, ri);
             CMS_RecipientInfo_set0_pkey(ri, NULL);
author	Matt Caswell <matt@openssl.org>	2018-05-01 10:29:17 +0200
committer	Matt Caswell <matt@openssl.org>	2018-05-08 09:43:39 +0200
commit	3d551b20df1acd01f80d3ae00d37177e0fdf344a (patch)
tree	d480b063cc81fd3d432ef4c69a0f8ab49b049cf7 /crypto/cms/cms_smime.c
parent	windows-makefile.tmpl: rearrange cleanup commands to avoid ... (diff)
download	openssl-3d551b20df1acd01f80d3ae00d37177e0fdf344a.tar.xz openssl-3d551b20df1acd01f80d3ae00d37177e0fdf344a.zip