Fix theoretical memory leak on malloc error in CBS_asn1_ber_to_der.
On failure, CBB_finish doesn't call CBB_cleanup. Also chain more of the ||s
together now that CBB_cleanup after failed CBB_init is legal.
(I don't think this is actually reachable because the CBB is guaranteed to be
flushed by this point.)
Change-Id: Ib16a0a185f15e13675ac2550c5e8e0926ceb7957
Reviewed-on: https://boringssl-review.googlesource.com/7051
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/bytestring/ber.c b/crypto/bytestring/ber.c
index 9e8daaa..6f7d107 100644
--- a/crypto/bytestring/ber.c
+++ b/crypto/bytestring/ber.c
@@ -209,13 +209,12 @@
return 1;
}
- if (!CBB_init(&cbb, CBS_len(in))) {
- return 0;
- }
- if (!cbs_convert_ber(in, &cbb, 0, 0, 0)) {
+ if (!CBB_init(&cbb, CBS_len(in)) ||
+ !cbs_convert_ber(in, &cbb, 0, 0, 0) ||
+ !CBB_finish(&cbb, out, out_len)) {
CBB_cleanup(&cbb);
return 0;
}
- return CBB_finish(&cbb, out, out_len);
+ return 1;
}