Fix mem leak on error path

The mem pointed to by tmp can be leaked on an error path. Reviewed-by: Tim Hudson <tjh@openssl.org>
author: Matt Caswell <matt@openssl.org> 2016-08-23 00:18:50 +0200
committer: Matt Caswell <matt@openssl.org> 2016-08-23 01:19:15 +0200
commit: c72b8e069de6a8863123d5be05e41b833abe09ee (patch)
tree: e8361763f789800eee3bc74928887e54e3e88a7c /crypto/srp
parent: Ensure the mime_hdr_free function can handle NULLs (diff)
download: openssl-c72b8e069de6a8863123d5be05e41b833abe09ee.tar.xz
openssl-c72b8e069de6a8863123d5be05e41b833abe09ee.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/crypto/srp/srp_lib.c b/crypto/srp/srp_lib.c
index 7f297be81a..9efad9352f 100644
--- a/crypto/srp/srp_lib.c
+++ b/crypto/srp/srp_lib.c
@@ -19,7 +19,7 @@ static BIGNUM *srp_Calc_k(const BIGNUM *N, const BIGNUM *g)
     /* k = SHA1(N | PAD(g)) -- tls-srp draft 8 */
 
     unsigned char digest[SHA_DIGEST_LENGTH];
-    unsigned char *tmp;
+    unsigned char *tmp = NULL;
     EVP_MD_CTX *ctxt = NULL;
     int longg;
     int longN = BN_num_bytes(N);
@@ -45,12 +45,12 @@ static BIGNUM *srp_Calc_k(const BIGNUM *N, const BIGNUM *g)
     if (!EVP_DigestUpdate(ctxt, tmp + longg, longN - longg)
         || !EVP_DigestUpdate(ctxt, tmp, longg))
         goto err;
-    OPENSSL_free(tmp);
 
     if (!EVP_DigestFinal_ex(ctxt, digest, NULL))
         goto err;
     res = BN_bin2bn(digest, sizeof(digest), NULL);
  err:
+    OPENSSL_free(tmp);
     EVP_MD_CTX_free(ctxt);
     return res;
 }
author	Matt Caswell <matt@openssl.org>	2016-08-23 00:18:50 +0200
committer	Matt Caswell <matt@openssl.org>	2016-08-23 01:19:15 +0200
commit	c72b8e069de6a8863123d5be05e41b833abe09ee (patch)
tree	e8361763f789800eee3bc74928887e54e3e88a7c /crypto/srp
parent	Ensure the mime_hdr_free function can handle NULLs (diff)
download	openssl-c72b8e069de6a8863123d5be05e41b833abe09ee.tar.xz openssl-c72b8e069de6a8863123d5be05e41b833abe09ee.zip