CMS_ContentInfo_free(): fix mem leak on encrypted content key

Fixes #21026 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/21058)
2025-03-31 20:10:45 +08:00 · 2023-05-25 17:46:48 +02:00 · 2023-05-25 17:46:48 +02:00 · 7a18574839
commit 7a18574839
parent 23450cfb92
2 changed files with 8 additions and 2 deletions
--- a/crypto/cms/cms_env.c
+++ b/crypto/cms/cms_env.c
@ -142,10 +142,12 @@ CMS_EncryptedContentInfo *ossl_cms_get0_env_enc_content(const CMS_ContentInfo *c
 {
    switch (cms_get_enveloped_type(cms)) {
    case CMS_ENVELOPED_STANDARD:
-        return cms->d.envelopedData->encryptedContentInfo;
+        return cms->d.envelopedData == NULL ? NULL
+            : cms->d.envelopedData->encryptedContentInfo;

    case CMS_ENVELOPED_AUTH:
-        return cms->d.authEnvelopedData->authEncryptedContentInfo;
+        return cms->d.authEnvelopedData == NULL ? NULL
+            : cms->d.authEnvelopedData->authEncryptedContentInfo;

    default:
        return NULL;
--- a/crypto/cms/cms_lib.c
+++ b/crypto/cms/cms_lib.c
@ -74,6 +74,10 @@ CMS_ContentInfo *CMS_ContentInfo_new(void)
 void CMS_ContentInfo_free(CMS_ContentInfo *cms)
 {
    if (cms != NULL) {
+        CMS_EncryptedContentInfo *ec = ossl_cms_get0_env_enc_content(cms);
+
+        if (ec != NULL)
+            OPENSSL_clear_free(ec->key, ec->keylen);
        OPENSSL_free(cms->ctx.propq);
        ASN1_item_free((ASN1_VALUE *)cms, ASN1_ITEM_rptr(CMS_ContentInfo));
    }