From b6e28bb4d78edc45464628203378dc4dc47fb849 Mon Sep 17 00:00:00 2001 From: Mia Kanashi Date: Thu, 5 Mar 2026 18:08:32 +0200 Subject: [PATCH] BUG/MINOR: jws: fix memory leak in jws_b64_signature EVP_MD_CTX is allocated using EVP_MD_CTX_new() but was never freed. ctx should be initialized to NULL otherwise EVP_MD_CTX_free(ctx) could segfault. Must be backported as far as 3.2. --- src/jws.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/jws.c b/src/jws.c index d83ce9b96..7a4d83e6f 100644 --- a/src/jws.c +++ b/src/jws.c @@ -356,7 +356,7 @@ out: */ size_t jws_b64_signature(EVP_PKEY *pkey, enum jwt_alg alg, char *b64protected, char *b64payload, char *dst, size_t dsize) { - EVP_MD_CTX *ctx; + EVP_MD_CTX *ctx = NULL; const EVP_MD *evp_md = NULL; int ret = 0; struct buffer *sign = NULL; @@ -450,6 +450,7 @@ size_t jws_b64_signature(EVP_PKEY *pkey, enum jwt_alg alg, char *b64protected, c ret = a2base64url(sign->area, sign->data, dst, dsize); out: + EVP_MD_CTX_free(ctx); free_trash_chunk(sign); if (ret > 0)