From 0110a4703608430c2131237c6afcf932a28c27ff Mon Sep 17 00:00:00 2001
From: Kazuki Yamaguchi <k@rhe.jp>
Date: Sat, 6 Aug 2016 22:24:44 +0900
Subject: [PATCH] Fix a memory leak in EC_GROUP_get_ecparameters()

The variable 'buffer', allocated by EC_POINT_point2buf(), isn't
free'd on the success path.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
---
 crypto/ec/ec_asn1.c |  7 ++-----
 test/ectest.c       | 29 +++++++++++++++++++++++++++++
 2 files changed, 31 insertions(+), 5 deletions(-)

diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
index e911b2b2e2..4f4d1edf0e 100644
--- a/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c
@@ -512,13 +512,11 @@ ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group,
         goto err;
     }
     if (ret->base == NULL && (ret->base = ASN1_OCTET_STRING_new()) == NULL) {
+        OPENSSL_free(buffer);
         ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_MALLOC_FAILURE);
         goto err;
     }
-    if (!ASN1_OCTET_STRING_set(ret->base, buffer, len)) {
-        ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_ASN1_LIB);
-        goto err;
-    }
+    ASN1_STRING_set0(ret->base, buffer, len);
 
     /* set the order */
     tmp = EC_GROUP_get0_order(group);
@@ -547,7 +545,6 @@ ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group,
  err:
     if (params == NULL)
         ECPARAMETERS_free(ret);
-    OPENSSL_free(buffer);
     return NULL;
 }
 
diff --git a/test/ectest.c b/test/ectest.c
index f7e55c3b6a..0dd0ab85d8 100644
--- a/test/ectest.c
+++ b/test/ectest.c
@@ -1712,6 +1712,33 @@ static void nistp_tests()
 }
 # endif
 
+static void parameter_test(void)
+{
+    EC_GROUP *group, *group2;
+    ECPARAMETERS *ecparameters;
+
+    fprintf(stderr, "\ntesting ecparameters conversion ...");
+
+    group = EC_GROUP_new_by_curve_name(NID_secp112r1);
+    if (!group)
+        ABORT;
+
+    ecparameters = EC_GROUP_get_ecparameters(group, NULL);
+    if (!ecparameters)
+        ABORT;
+    group2 = EC_GROUP_new_from_ecparameters(ecparameters);
+    if (!group2)
+        ABORT;
+    if (EC_GROUP_cmp(group, group2, NULL))
+        ABORT;
+
+    fprintf(stderr, " ok\n");
+
+    EC_GROUP_free(group);
+    EC_GROUP_free(group2);
+    ECPARAMETERS_free(ecparameters);
+}
+
 static const char rnd_seed[] =
     "string to make the random number generator think it has entropy";
 
@@ -1737,6 +1764,8 @@ int main(int argc, char *argv[])
     /* test the internal curves */
     internal_curve_test();
 
+    parameter_test();
+
 #ifndef OPENSSL_NO_CRYPTO_MDEBUG
     if (CRYPTO_mem_leaks_fp(stderr) <= 0)
         return 1;
-- 
GitLab