Fix memory leaks in BIO_dup_chain()

This fixes a memory leak that can occur whilst duplicating a BIO chain if the call to CRYPTO_dup_ex_data() fails. It also fixes a second memory leak where if a failure occurs after successfully creating the first BIO in the chain, then the beginning of the new chain was not freed. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: Stephen Henson <steve@openssl.org> Conflicts: crypto/bio/bio_lib.c
author: Matt Caswell <matt@openssl.org> 2015-04-30 14:51:10 +0100
committer: Matt Caswell <matt@openssl.org> 2015-06-10 10:29:31 +0100
commit: f92b1967234fd7926b476768584fa5573eaadd72 (patch)
tree: 0ec72b48a1c6e6136b58999e3d96fe508b6ebdc2
parent: e94118ae2a6aff6427ade82e843d683d4913bcec (diff)
1 files changed, 5 insertions, 3 deletions
diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c
index 5267010cb0..07934f8a66 100644
--- a/crypto/bio/bio_lib.c
+++ b/crypto/bio/bio_lib.c
@@ -536,8 +536,10 @@ BIO *BIO_dup_chain(BIO *in)
 
         /* copy app data */
         if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new_bio->ex_data,
-                                &bio->ex_data))
+                                &bio->ex_data)) {
+            BIO_free(new_bio);
             goto err;
+        }
 
         if (ret == NULL) {
             eoc = new_bio;
@@ -549,8 +551,8 @@ BIO *BIO_dup_chain(BIO *in)
     }
     return (ret);
  err:
-    if (ret != NULL)
-        BIO_free(ret);
+    BIO_free_all(ret);
+
     return (NULL);
 }
author	Matt Caswell <matt@openssl.org>	2015-04-30 14:51:10 +0100
committer	Matt Caswell <matt@openssl.org>	2015-06-10 10:29:31 +0100
commit	f92b1967234fd7926b476768584fa5573eaadd72 (patch)
tree	0ec72b48a1c6e6136b58999e3d96fe508b6ebdc2
parent	e94118ae2a6aff6427ade82e843d683d4913bcec (diff)