ossl_quic_new(): Fix a leak found by error injection

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22572)

(cherry picked from commit 55936eee86ce31e80fa49d11757f61fe9e20821e)

1 files changed, 10 insertions, 11 deletions

diff --git a/ssl/quic/quic_impl.c b/ssl/quic/quic_impl.c
index 0c8e1b15a6..dd689865e4 100644
--- a/ssl/quic/quic_impl.c
+++ b/ssl/quic/quic_impl.c
@@ -384,6 +384,12 @@ SSL *ossl_quic_new(SSL_CTX *ctx)
         QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
         goto err;
     }
+#if defined(OPENSSL_THREADS)
+    if ((qc->mutex = ossl_crypto_mutex_new()) == NULL) {
+        QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
+        goto err;
+    }
+#endif
 
     /* Initialise the QUIC_CONNECTION's stub header. */
     ssl_base = &qc->ssl;
@@ -406,13 +412,6 @@ SSL *ossl_quic_new(SSL_CTX *ctx)
     sc->options &= OSSL_QUIC_PERMITTED_OPTIONS_CONN;
     sc->pha_enabled = 0;
 
-#if defined(OPENSSL_THREADS)
-    if ((qc->mutex = ossl_crypto_mutex_new()) == NULL) {
-        QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
-        goto err;
-    }
-#endif
-
 #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
     qc->is_thread_assisted
         = (ssl_base->method == OSSL_QUIC_client_thread_method());
@@ -450,14 +449,14 @@ SSL *ossl_quic_new(SSL_CTX *ctx)
     return ssl_base;
 
 err:
-    if (qc != NULL) {
+    if (ssl_base == NULL) {
 #if defined(OPENSSL_THREADS)
         ossl_crypto_mutex_free(qc->mutex);
 #endif
-        ossl_quic_channel_free(qc->ch);
-        SSL_free(qc->tls);
+        OPENSSL_free(qc);
+    } else {
+        SSL_free(ssl_base);
     }
-    OPENSSL_free(qc);
     return NULL;
 }