PKCS#8: free data on error path in newpass_bag

Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/12870)
2025-03-19 19:50:42 +08:00 · 2020-09-14 07:40:58 +10:00 · 2020-09-14 07:40:58 +10:00 · e2d66c0d00
commit e2d66c0d00
parent 48ff651ecc
1 changed files with 3 additions and 1 deletions
--- a/crypto/pkcs12/p12_npas.c
+++ b/crypto/pkcs12/p12_npas.c
@ -157,8 +157,10 @@ static int newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass,
    if ((p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1)) == NULL)
        return 0;
    X509_SIG_get0(bag->value.shkeybag, &shalg, NULL);
-    if (!alg_get(shalg, &p8_nid, &p8_iter, &p8_saltlen))
+    if (!alg_get(shalg, &p8_nid, &p8_iter, &p8_saltlen)) {
+        PKCS8_PRIV_KEY_INFO_free(p8);
        return 0;
+    }
    p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen,
                          p8_iter, p8);
    PKCS8_PRIV_KEY_INFO_free(p8);