bind/backport-Free-rsa-if-e-is-NULL-in-opensslrsa_verify2.patch

From 6f1e04409a24b275d756fdddc1ed8fffc2d48254 Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Mon, 26 Sep 2022 11:51:05 +1000
Subject: [PATCH] Free 'rsa' if 'e' is NULL in opensslrsa_verify2

Conflict: NA
Reference: https://gitlab.isc.org/isc-projects/bind9/-/commit/6f1e04409a24b275d756fdddc1ed8fffc2d48254
(cherry picked from commit a2b51ca6acae9e1c819e0d2e4aa1584b675c4cb7)
---
 lib/dns/opensslrsa_link.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/dns/opensslrsa_link.c b/lib/dns/opensslrsa_link.c
index b0d8dd85b9..7aa743394b 100644
--- a/lib/dns/opensslrsa_link.c
+++ b/lib/dns/opensslrsa_link.c
@@ -333,6 +333,10 @@ opensslrsa_verify2(dst_context_t *dctx, int maxbits, const isc_region_t *sig) {
 		return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
 	}
 	RSA_get0_key(rsa, NULL, &e, NULL);
+	if (e == NULL) {
+		RSA_free(rsa);
+		return (dst__openssl_toresult(DST_R_VERIFYFAILURE));
+	}
 	bits = BN_num_bits(e);
 	RSA_free(rsa);
 	if (bits > maxbits && maxbits != 0) {
-- 
2.23.0