Plug a leak in ASN1_item_i2d() ASN1_item_ex_i2d() does not take ownership of the memory pointed at by *out, so it's the caller's responsibility to free it on error. Change-Id: Id8cb70e50f280944418629a32b53fd4ca248b0bd Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/57805 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: David Benjamin <davidben@google.com>

commit: 3a7dfdb984434a4b4beef947b2e49602c557c0de [log] [tgz]
author: Theo Buehler <theorbuehler@gmail.com> Sun Mar 05 23:41:50 2023 +0100
committer: Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com> Sun Mar 05 23:28:31 2023 +0000
tree: acd42d60e1fd6c1e7909a2342d066f9a28c7f2d4
parent: 93e8d4463d59d671e9c5c6171226341f04b07907 [diff]
diff --git a/crypto/asn1/tasn_enc.c b/crypto/asn1/tasn_enc.c
index 9d4d587..ca3b3fc 100644
--- a/crypto/asn1/tasn_enc.c
+++ b/crypto/asn1/tasn_enc.c

@@ -97,6 +97,7 @@
     p = buf;
     int len2 = ASN1_item_ex_i2d(&val, &p, it, /*tag=*/-1, /*aclass=*/0);
     if (len2 <= 0) {
+      OPENSSL_free(buf);
       return len2;
     }
     assert(len == len2);
commit	3a7dfdb984434a4b4beef947b2e49602c557c0de	[log] [tgz]
author	Theo Buehler <theorbuehler@gmail.com>	Sun Mar 05 23:41:50 2023 +0100
committer	Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>	Sun Mar 05 23:28:31 2023 +0000
tree	acd42d60e1fd6c1e7909a2342d066f9a28c7f2d4
parent	93e8d4463d59d671e9c5c6171226341f04b07907 [diff]