From bd5524471a1e740c8874a7a48b0af8bdec746a14 Mon Sep 17 00:00:00 2001
From: Paul Bakker <p.j.bakker@polarssl.org>
Date: Wed, 3 Jul 2013 14:44:40 +0200
Subject: [PATCH] Removed memory leak in PKCS#12 code

---
 library/pkcs12.c | 34 +++++++++++++++++++++-------------
 1 file changed, 21 insertions(+), 13 deletions(-)

diff --git a/library/pkcs12.c b/library/pkcs12.c
index 625129317..e0d7207ce 100644
--- a/library/pkcs12.c
+++ b/library/pkcs12.c
@@ -179,24 +179,27 @@ int pkcs12_pbe( asn1_buf *pbe_params, int mode,
     }
 
     if( ( ret = cipher_init_ctx( &cipher_ctx, cipher_info ) ) != 0 )
-        return( ret );
+        goto exit;
 
     if( ( ret = cipher_setkey( &cipher_ctx, key, keylen, mode ) ) != 0 )
-        return( ret );
+        goto exit;
 
     if( ( ret = cipher_reset( &cipher_ctx, iv ) ) != 0 )
-        return( ret );
+        goto exit;
 
     if( ( ret = cipher_update( &cipher_ctx, data, len,
                                 output, &olen ) ) != 0 )
     {
-        return( ret );
+        goto exit;
     }
 
     if( ( ret = cipher_finish( &cipher_ctx, output + olen, &olen ) ) != 0 )
-        return( POLARSSL_ERR_PKCS12_PASSWORD_MISMATCH );
+        ret = POLARSSL_ERR_PKCS12_PASSWORD_MISMATCH;
 
-    return( 0 );
+exit:
+    cipher_free_ctx( &cipher_ctx );
+
+    return( ret );
 }
 
 static void pkcs12_fill_buffer( unsigned char *data, size_t data_len,
@@ -260,25 +263,25 @@ int pkcs12_derivation( unsigned char *data, size_t datalen,
     {
         // Calculate hash( diversifier || salt_block || pwd_block )
         if( ( ret = md_starts( &md_ctx ) ) != 0 )
-            return( ret );
+            goto exit;
 
         if( ( ret = md_update( &md_ctx, diversifier, v ) ) != 0 )
-            return( ret );
+            goto exit;
 
         if( ( ret = md_update( &md_ctx, salt_block, v ) ) != 0 )
-            return( ret );
+            goto exit;
 
         if( ( ret = md_update( &md_ctx, pwd_block, v ) ) != 0 )
-            return( ret );
+            goto exit;
 
         if( ( ret = md_finish( &md_ctx, hash_output ) ) != 0 )
-            return( ret );
+            goto exit;
 
         // Perform remaining ( iterations - 1 ) recursive hash calculations
         for( i = 1; i < iterations; i++ )
         {
             if( ( ret = md( md_info, hash_output, hlen, hash_output ) ) != 0 )
-                return( ret );
+                goto exit;
         }
 
         use_len = ( datalen > hlen ) ? hlen : datalen;
@@ -316,7 +319,12 @@ int pkcs12_derivation( unsigned char *data, size_t datalen,
         }
     }
 
-    return( 0 );
+    ret = 0;
+
+exit:
+    md_free_ctx( &md_ctx );
+
+    return( ret );
 }
 
 #endif /* POLARSSL_PKCS12_C */