Google Git
Sign in
boringssl/boringssl.git/eb3257211e3bd7dbdbe636144b6838dd20c37ef3^!/.
commit
eb3257211e3bd7dbdbe636144b6838dd20c37ef3
[log]
author
David Benjamin <davidben@google.com>
Tue May 03 07:38:54 2016 -0400
committer
Adam Langley <agl@google.com>
Tue May 03 16:36:04 2016 +0000
tree
26aee515202741bc65f77be42399a3ab5754f39f
parent
52a3bf2835200a7beabe349a85cb2355e42ab599 [diff]
Don't free ret->data if malloc fails.

Issue reported by Guido Vranken.

(Imported from upstream's 64eaf6c928f4066d62aa86f805796ef05bd0b1cc.)

Change-Id: I99793abb4e1b5da5b70468b207ec03013fff674a
Reviewed-on: https://boringssl-review.googlesource.com/7843
Reviewed-by: Adam Langley <agl@google.com>

diff --git a/crypto/asn1/a_bytes.c b/crypto/asn1/a_bytes.c
index 7e2f85d..e6b2f2e 100644
--- a/crypto/asn1/a_bytes.c
+++ b/crypto/asn1/a_bytes.c

@@ -202,13 +202,13 @@
     } else {
         if (len != 0) {
             if ((ret->length < len) || (ret->data == NULL)) {
-                if (ret->data != NULL)
-                    OPENSSL_free(ret->data);
                 s = (unsigned char *)OPENSSL_malloc((int)len + 1);
                 if (s == NULL) {
                     i = ERR_R_MALLOC_FAILURE;
                     goto err;
                 }
+                if (ret->data != NULL)
+                    OPENSSL_free(ret->data);
             } else
                 s = ret->data;
             memcpy(s, p, (int)len);