crypto/pkcs12/p12_mutl.c: Add check and EVP_MD_free() for EVP_MD_fetch()

Add check and EVP_MD_free() for EVP_MD_fetch() to avoid NULL pointer dereference and memory leak, like "md_fetch". Fixes: fe79159be0 ("Implementation of the RFC 9579, PBMAC1 in PKCS#12") Signed-off-by: Jiasheng Jiang <jiashengjiangcool@outlook.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25370)
2024-12-15 06:01:37 +08:00 · 2024-09-03 19:18:47 +00:00 · 2024-09-03 19:18:47 +00:00 · f60b3c5fdc
commit f60b3c5fdc
parent 8439337036
1 changed files with 4 additions and 0 deletions
--- a/crypto/pkcs12/p12_mutl.c
+++ b/crypto/pkcs12/p12_mutl.c
@ -236,6 +236,8 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
            if (OBJ_obj2txt(hmac_md_name, sizeof(hmac_md_name), OBJ_nid2obj(pbmac1_kdf_nid), 0) < 0)
                goto err;
            hmac_md = EVP_MD_fetch(NULL, hmac_md_name, NULL);
+            if (hmac_md == NULL)
+                goto err;
            fetched = 1;
        }
        if (pkcs12_key_gen != NULL) {
@ -249,6 +251,8 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
                goto err;
            }
        } else {
+            if (fetched)
+                EVP_MD_free(hmac_md);
            /* Default to UTF-8 password */
            if (!PKCS12_key_gen_utf8_ex(pass, passlen, salt, saltlen, PKCS12_MAC_ID,
                                        iter, keylen, key, md,