From 7114d16098b0cf4910e06490fa70758f1c2c62a3 Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Fri, 15 Feb 2019 08:52:16 +1100
Subject: [PATCH 3543/3677] fix memory leak

---
 lib/dns/spnego_asn1.c | 56 +++++++++++++++++++++++++++++++--------------------
 1 file changed, 34 insertions(+), 22 deletions(-)

diff --git a/lib/dns/spnego_asn1.c b/lib/dns/spnego_asn1.c
index fb51b0d..46e487a 100644
--- a/lib/dns/spnego_asn1.c
+++ b/lib/dns/spnego_asn1.c
@@ -467,25 +467,25 @@ decode_NegTokenInit(const unsigned char *p, size_t len, NegTokenInit * data, siz
 	FORW;
 	{
 		int dce_fix;
-		if ((dce_fix = fix_dce(reallen, &len)) < 0)
-			return ASN1_BAD_FORMAT;
+		if ((dce_fix = fix_dce(reallen, &len)) < 0) {
+			e = ASN1_BAD_FORMAT;
+			goto fail;
+		}
 		{
 			size_t newlen, oldlen;
 
 			e = der_match_tag(p, len, ASN1_C_CONTEXT, CONS, 0, &l);
-			if (e)
-				return e;
-			else {
-				p += l;
-				len -= l;
-				ret += l;
+			FORW;
+			{
 				e = der_get_length(p, len, &newlen, &l);
 				FORW;
 				{
 					int mydce_fix;
 					oldlen = len;
-					if ((mydce_fix = fix_dce(newlen, &len)) < 0)
-						return ASN1_BAD_FORMAT;
+					if ((mydce_fix = fix_dce(newlen, &len)) < 0) {
+						e = ASN1_BAD_FORMAT;
+						goto fail;
+					}
 					e = decode_MechTypeList(p, len, &(data)->mechTypes, &l);
 					FORW;
 					if (mydce_fix) {
@@ -511,11 +511,15 @@ decode_NegTokenInit(const unsigned char *p, size_t len, NegTokenInit * data, siz
 				{
 					int mydce_fix;
 					oldlen = len;
-					if ((mydce_fix = fix_dce(newlen, &len)) < 0)
-						return ASN1_BAD_FORMAT;
+					if ((mydce_fix = fix_dce(newlen, &len)) < 0) {
+						e = ASN1_BAD_FORMAT;
+						goto fail;
+					}
 					(data)->reqFlags = malloc(sizeof(*(data)->reqFlags));
-					if ((data)->reqFlags == NULL)
-						return ENOMEM;
+					if ((data)->reqFlags == NULL) {
+						e = ENOMEM;
+						goto fail;
+					}
 					e = decode_ContextFlags(p, len, (data)->reqFlags, &l);
 					FORW;
 					if (mydce_fix) {
@@ -541,11 +545,15 @@ decode_NegTokenInit(const unsigned char *p, size_t len, NegTokenInit * data, siz
 				{
 					int mydce_fix;
 					oldlen = len;
-					if ((mydce_fix = fix_dce(newlen, &len)) < 0)
-						return ASN1_BAD_FORMAT;
+					if ((mydce_fix = fix_dce(newlen, &len)) < 0) {
+						e = ASN1_BAD_FORMAT;
+						goto fail;
+					}
 					(data)->mechToken = malloc(sizeof(*(data)->mechToken));
-					if ((data)->mechToken == NULL)
-						return ENOMEM;
+					if ((data)->mechToken == NULL) {
+						e = ENOMEM;
+						goto fail;
+					}
 					e = decode_octet_string(p, len, (data)->mechToken, &l);
 					FORW;
 					if (mydce_fix) {
@@ -571,11 +579,15 @@ decode_NegTokenInit(const unsigned char *p, size_t len, NegTokenInit * data, siz
 				{
 					int mydce_fix;
 					oldlen = len;
-					if ((mydce_fix = fix_dce(newlen, &len)) < 0)
-						return ASN1_BAD_FORMAT;
+					if ((mydce_fix = fix_dce(newlen, &len)) < 0) {
+						e = ASN1_BAD_FORMAT;
+						goto fail;
+					}
 					(data)->mechListMIC = malloc(sizeof(*(data)->mechListMIC));
-					if ((data)->mechListMIC == NULL)
-						return ENOMEM;
+					if ((data)->mechListMIC == NULL) {
+						e = ENOMEM;
+						goto fail;
+					}
 					e = decode_octet_string(p, len, (data)->mechListMIC, &l);
 					FORW;
 					if (mydce_fix) {
-- 
1.8.3.1