From b77ab5ea083da7c089020cee3d2633178ffdc96d Mon Sep 17 00:00:00 2001
From: Toddr Bot
Date: Wed, 25 Mar 2026 05:15:56 +0000
Subject: [PATCH] fix: free signature buffer on RSA_sign failure (pre-3.x)

On pre-3.x OpenSSL, if RSA_sign() fails in the sign() XS function, the CHECK_OPEN_SSL macro calls croakSsl() (a longjmp via croak) without freeing the signature buffer allocated by CHECK_NEW. Replace with an explicit check that calls Safefree() before croaking. The 3.x path already handles this correctly via the THROW/err cleanup pattern. This aligns the pre-3.x error path with the same standard.

Co-Authored-By: Claude Opus 4.6
---
 RSA.xs | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/RSA.xs b/RSA.xs
index fc98463..81ba1ba 100644
--- a/RSA.xs
+++ b/RSA.xs
@@ -1394,12 +1394,16 @@ sign(p_rsa, text_SV)
 sign_done:
 #else
 CHECK_NEW(signature, EVP_PKEY_get_size(p_rsa->rsa), UNSIGNED_CHAR);
- CHECK_OPEN_SSL(RSA_sign(p_rsa->hashMode,
- digest,
- get_digest_length(p_rsa->hashMode),
- (unsigned char*) signature,
- &signature_length,
- p_rsa->rsa));
+ if (!RSA_sign(p_rsa->hashMode,
+ digest,
+ get_digest_length(p_rsa->hashMode),
+ (unsigned char*) signature,
+ &signature_length,
+ p_rsa->rsa))
+ {
+ Safefree(signature);
+ croakSsl(__FILE__, __LINE__);
+ }
 #endif
 RETVAL = newSVpvn((const char* )signature, signature_length);
 Safefree(signature);
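Review bot: The new `if (!RSA_sign(...))` block in the `#else` branch open-codes what `CHECK_OPEN_SSL` did, and nothing on the new lines says why, so a later cleanup could fold it back into the macro and reintroduce the leak. I would add a comment above `Safefree(signature);` in the failure branch, e.g. `/* croakSsl() does not return: release the CHECK_NEW buffer first */`. The diffstat shows only RSA.xs changed, so this error path has no regression test; a test that makes signing fail (presumably a key too small for the selected digest would do it) and checks for the croak would keep it covered. Other places that call `CHECK_OPEN_SSL` between a `CHECK_NEW` and its `Safefree` are outside this hunk and may deserve the same treatment. The body of `sign()` starts and ends outside the hunk.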