From 502651d49eb966438f57181f8afff507f2175942 Mon Sep 17 00:00:00 2001
From: Toddr Bot <toddbot@rinaldo.us>
Date: Sat, 14 Mar 2026 15:33:11 +0000
Subject: [PATCH 1/2] fix: free initial signature buffer before reallocation in
 sign()

On the OpenSSL 3.x path, sign() first allocates a signature buffer via
CHECK_NEW (line 987), then queries the actual required size with
EVP_PKEY_sign(NULL), then overwrites the pointer with Newx() without
freeing the first allocation. This leaks the initial buffer on every
call to sign().

Add Safefree(signature) before the Newx() to release the first
allocation. The pre-3.x path is unaffected as it uses the initial
buffer directly.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 RSA.xs | 1 +
 1 file changed, 1 insertion(+)

diff --git a/RSA.xs b/RSA.xs
index 4b54c93..4eafa05 100644
--- a/RSA.xs
+++ b/RSA.xs
@@ -1061,6 +1061,7 @@ sign(p_rsa, text_SV)
     }
     THROW(EVP_PKEY_sign(ctx, NULL, &signature_length, digest, get_digest_length(p_rsa->hashMode)) == 1);
 
+    Safefree(signature);
     Newx(signature, signature_length, UNSIGNED_CHAR);
     THROW(signature);
 

From 2c05beda36a36f963726a921dde54672026ae33a Mon Sep 17 00:00:00 2001
From: Toddr Bot <toddbot@rinaldo.us>
Date: Mon, 16 Mar 2026 23:43:30 +0000
Subject: [PATCH 2/2] rebase: apply review feedback on #98

---
 RSA.xs | 1 -
 1 file changed, 1 deletion(-)

diff --git a/RSA.xs b/RSA.xs
index 4eafa05..4b54c93 100644
--- a/RSA.xs
+++ b/RSA.xs
@@ -1061,7 +1061,6 @@ sign(p_rsa, text_SV)
     }
     THROW(EVP_PKEY_sign(ctx, NULL, &signature_length, digest, get_digest_length(p_rsa->hashMode)) == 1);
 
-    Safefree(signature);
     Newx(signature, signature_length, UNSIGNED_CHAR);
     THROW(signature);