Don't free ret->data if malloc fails.
Issue reported by Guido Vranken. (Imported from upstream's 64eaf6c928f4066d62aa86f805796ef05bd0b1cc.) Change-Id: I99793abb4e1b5da5b70468b207ec03013fff674a Reviewed-on: https://boringssl-review.googlesource.com/7843 Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
parent
52a3bf2835
commit
eb3257211e
@ -202,13 +202,13 @@ ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,
|
|||||||
} else {
|
} else {
|
||||||
if (len != 0) {
|
if (len != 0) {
|
||||||
if ((ret->length < len) || (ret->data == NULL)) {
|
if ((ret->length < len) || (ret->data == NULL)) {
|
||||||
if (ret->data != NULL)
|
|
||||||
OPENSSL_free(ret->data);
|
|
||||||
s = (unsigned char *)OPENSSL_malloc((int)len + 1);
|
s = (unsigned char *)OPENSSL_malloc((int)len + 1);
|
||||||
if (s == NULL) {
|
if (s == NULL) {
|
||||||
i = ERR_R_MALLOC_FAILURE;
|
i = ERR_R_MALLOC_FAILURE;
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
if (ret->data != NULL)
|
||||||
|
OPENSSL_free(ret->data);
|
||||||
} else
|
} else
|
||||||
s = ret->data;
|
s = ret->data;
|
||||||
memcpy(s, p, (int)len);
|
memcpy(s, p, (int)len);
|
||||||
|
Loading…
Reference in New Issue
Block a user