Don't free ret->data if malloc fails.

Issue reported by Guido Vranken.

(Imported from upstream's 64eaf6c928f4066d62aa86f805796ef05bd0b1cc.)

Change-Id: I99793abb4e1b5da5b70468b207ec03013fff674a
Reviewed-on: https://boringssl-review.googlesource.com/7843
Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
David Benjamin 2016-05-03 07:38:54 -04:00 committed by Adam Langley
parent 52a3bf2835
commit eb3257211e

View File

@ -202,13 +202,13 @@ ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,
} else { } else {
if (len != 0) { if (len != 0) {
if ((ret->length < len) || (ret->data == NULL)) { if ((ret->length < len) || (ret->data == NULL)) {
if (ret->data != NULL)
OPENSSL_free(ret->data);
s = (unsigned char *)OPENSSL_malloc((int)len + 1); s = (unsigned char *)OPENSSL_malloc((int)len + 1);
if (s == NULL) { if (s == NULL) {
i = ERR_R_MALLOC_FAILURE; i = ERR_R_MALLOC_FAILURE;
goto err; goto err;
} }
if (ret->data != NULL)
OPENSSL_free(ret->data);
} else } else
s = ret->data; s = ret->data;
memcpy(s, p, (int)len); memcpy(s, p, (int)len);