Fix memory leaks in BIO_dup_chain()

This fixes a memory leak that can occur whilst duplicating a BIO chain if the call to CRYPTO_dup_ex_data() fails. It also fixes a second memory leak where if a failure occurs after successfully creating the first BIO in the chain, then the beginning of the new chain was not freed. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: Stephen Henson <steve@openssl.org>
author: Matt Caswell <matt@openssl.org> 2015-04-30 14:51:10 +0100
committer: Matt Caswell <matt@openssl.org> 2015-06-10 10:09:57 +0100
commit: aec54108ef0d469964505ac1f77984f19099ec05 (patch)
tree: 1ac40c3d27f39c1c4e7510fc092bc9658e3ef13f
parent: 5d80fab086fe8849222613e20d7cf61839f94f5f (diff)
1 files changed, 5 insertions, 2 deletions
diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c
index 19cd06983f..cc859da740 100644
--- a/crypto/bio/bio_lib.c
+++ b/crypto/bio/bio_lib.c
@@ -535,8 +535,10 @@ BIO *BIO_dup_chain(BIO *in)
 
         /* copy app data */
         if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new_bio->ex_data,
-                                &bio->ex_data))
+                                &bio->ex_data)) {
+            BIO_free(new_bio);
             goto err;
+        }
 
         if (ret == NULL) {
             eoc = new_bio;
@@ -548,7 +550,8 @@ BIO *BIO_dup_chain(BIO *in)
     }
     return (ret);
  err:
-    BIO_free(ret);
+    BIO_free_all(ret);
+
     return (NULL);
 }
author	Matt Caswell <matt@openssl.org>	2015-04-30 14:51:10 +0100
committer	Matt Caswell <matt@openssl.org>	2015-06-10 10:09:57 +0100
commit	aec54108ef0d469964505ac1f77984f19099ec05 (patch)
tree	1ac40c3d27f39c1c4e7510fc092bc9658e3ef13f
parent	5d80fab086fe8849222613e20d7cf61839f94f5f (diff)