Fix a possible memleak in SRP_VBASE_new

In the error handling case the memory in vb->users_pwd was accidentally not released. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #21981)
openssl · Sep 8, 2023 · 68e95f7 · 68e95f7
1 parent 17dd9a2
commit 68e95f7
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c
@@ -281,6 +281,7 @@ SRP_VBASE *SRP_VBASE_new(char *seed_key)
         return NULL;
     if ((vb->users_pwd = sk_SRP_user_pwd_new_null()) == NULL
         || (vb->gN_cache = sk_SRP_gN_cache_new_null()) == NULL) {
+        sk_SRP_user_pwd_free(vb->users_pwd);
         OPENSSL_free(vb);
         return NULL;
     }