Fixes #20278: Fixed double free bug in crypto/http/http_client.c

CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20351) (cherry picked from commit 7fed5193d242938d9ac5a0c1cb32b22b33379a06)
author: Jeeban Sethi <jeeban@Jeebans-MacBook-Air.local> 2023-02-21 21:31:43 +0530
committer: Pauli <pauli@openssl.org> 2023-02-23 20:08:16 +1100
commit: 849586c7db4740be3c12b320b66c57b2a4527ab9 (patch)
tree: 7911480c0c2d3e898e57554198f99adab771470e /crypto/http/http_client.c
parent: c344ee0e0f2f90221dbf1eed55a2736eabbd49c9 (diff)
1 files changed, 8 insertions, 3 deletions
diff --git a/crypto/http/http_client.c b/crypto/http/http_client.c
index 0d62f1c7bf..d0b51605ab 100644
--- a/crypto/http/http_client.c
+++ b/crypto/http/http_client.c
@@ -1122,7 +1122,7 @@ BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *no_proxy,
     char *port;
     char *path;
     int use_ssl;
-    OSSL_HTTP_REQ_CTX *rctx;
+    OSSL_HTTP_REQ_CTX *rctx = NULL;
     BIO *resp = NULL;
     time_t max_time = timeout > 0 ? time(NULL) + timeout : 0;
 
@@ -1148,10 +1148,12 @@ BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *no_proxy,
                                         NULL /* req */,
                                         expected_ct, expect_asn1, max_resp_len,
                                         -1 /* use same max time (timeout) */,
-                                        0 /* no keep_alive */))
+                                        0 /* no keep_alive */)) {
                 OSSL_HTTP_REQ_CTX_free(rctx);
-            else
+                rctx = NULL;
+           } else {
                 resp = OSSL_HTTP_exchange(rctx, &redirection_url);
+           }
         }
         OPENSSL_free(path);
         if (resp == NULL && redirection_url != NULL) {
@@ -1166,6 +1168,7 @@ BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *no_proxy,
                         OPENSSL_free(host);
                         OPENSSL_free(port);
                         (void)OSSL_HTTP_close(rctx, 1);
+                        rctx = NULL;
                         BIO_free(resp);
                         OPENSSL_free(current_url);
                         return NULL;
@@ -1175,6 +1178,7 @@ BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *no_proxy,
                 OPENSSL_free(host);
                 OPENSSL_free(port);
                 (void)OSSL_HTTP_close(rctx, 1);
+                rctx = NULL;
                 continue;
             }
             /* if redirection not allowed, ignore it */
@@ -1184,6 +1188,7 @@ BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *no_proxy,
         OPENSSL_free(port);
         if (!OSSL_HTTP_close(rctx, resp != NULL)) {
             BIO_free(resp);
+            rctx = NULL;
             resp = NULL;
         }
         break;
author	Jeeban Sethi <jeeban@Jeebans-MacBook-Air.local>	2023-02-21 21:31:43 +0530
committer	Pauli <pauli@openssl.org>	2023-02-23 20:08:16 +1100
commit	849586c7db4740be3c12b320b66c57b2a4527ab9 (patch)
tree	7911480c0c2d3e898e57554198f99adab771470e /crypto/http/http_client.c
parent	c344ee0e0f2f90221dbf1eed55a2736eabbd49c9 (diff)