Fix memory leaks in BIO_dup_chain()

This fixes a memory leak that can occur whilst duplicating a BIO chain if the call to CRYPTO_dup_ex_data() fails. It also fixes a second memory leak where if a failure occurs after successfully creating the first BIO in the chain, then the beginning of the new chain was not freed. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: Stephen Henson <steve@openssl.org> Conflicts: crypto/bio/bio_lib.c
author: Matt Caswell <matt@openssl.org> 2015-04-30 14:51:10 +0100
committer: Matt Caswell <matt@openssl.org> 2015-06-10 10:24:49 +0100
commit: b3c02473f7a22b19cbf86d5012d05a9d6a2c5f4d (patch)
tree: daf30a63ee82cb163b50c71ef02d556ba3ef1e89 /crypto
parent: 23cd01ef61ff9110850ee75c42ccb365ddc8a6ab (diff)
1 files changed, 5 insertions, 3 deletions
diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c
index 5267010cb0..07934f8a66 100644
--- a/crypto/bio/bio_lib.c
+++ b/crypto/bio/bio_lib.c
@@ -536,8 +536,10 @@ BIO *BIO_dup_chain(BIO *in)
 
         /* copy app data */
         if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new_bio->ex_data,
-                                &bio->ex_data))
+                                &bio->ex_data)) {
+            BIO_free(new_bio);
             goto err;
+        }
 
         if (ret == NULL) {
             eoc = new_bio;
@@ -549,8 +551,8 @@ BIO *BIO_dup_chain(BIO *in)
     }
     return (ret);
  err:
-    if (ret != NULL)
-        BIO_free(ret);
+    BIO_free_all(ret);
+
     return (NULL);
 }
author	Matt Caswell <matt@openssl.org>	2015-04-30 14:51:10 +0100
committer	Matt Caswell <matt@openssl.org>	2015-06-10 10:24:49 +0100
commit	b3c02473f7a22b19cbf86d5012d05a9d6a2c5f4d (patch)
tree	daf30a63ee82cb163b50c71ef02d556ba3ef1e89 /crypto
parent	23cd01ef61ff9110850ee75c42ccb365ddc8a6ab (diff)