From 64eaf6c928f4066d62aa86f805796ef05bd0b1cc Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 27 Apr 2016 20:27:41 +0100 Subject: [PATCH] Don't free ret->data if malloc fails. Issue reported by Guido Vranken. Reviewed-by: Matt Caswell --- crypto/asn1/a_bytes.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/asn1/a_bytes.c b/crypto/asn1/a_bytes.c index 12715a728..385b53986 100644 --- a/crypto/asn1/a_bytes.c +++ b/crypto/asn1/a_bytes.c @@ -200,13 +200,13 @@ ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp, } else { if (len != 0) { if ((ret->length < len) || (ret->data == NULL)) { - if (ret->data != NULL) - OPENSSL_free(ret->data); s = (unsigned char *)OPENSSL_malloc((int)len + 1); if (s == NULL) { i = ERR_R_MALLOC_FAILURE; goto err; } + if (ret->data != NULL) + OPENSSL_free(ret->data); } else s = ret->data; memcpy(s, p, (int)len);