From 9f9dc855adf7e9a65b4a0de7fa1ea19d0a55094f Mon Sep 17 00:00:00 2001
From: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Mon, 6 Nov 2023 11:03:05 +0100
Subject: Fix a possible memory leak in custom_ext_add

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22638)

(cherry picked from commit 668a144f0a6dcfb9f904043c29372cbf19856c39)
---
 ssl/statem/extensions_cust.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/ssl/statem/extensions_cust.c b/ssl/statem/extensions_cust.c
index 8b296f1f59..7c049d2970 100644
--- a/ssl/statem/extensions_cust.c
+++ b/ssl/statem/extensions_cust.c
@@ -225,6 +225,9 @@ int custom_ext_add(SSL_CONNECTION *s, int context, WPACKET *pkt, X509 *x,
                 || !WPACKET_start_sub_packet_u16(pkt)
                 || (outlen > 0 && !WPACKET_memcpy(pkt, out, outlen))
                 || !WPACKET_close(pkt)) {
+            if (meth->free_cb != NULL)
+                meth->free_cb(SSL_CONNECTION_GET_SSL(s), meth->ext_type, context,
+                              out, meth->add_arg);
             if (!for_comp)
                 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
             return 0;
@@ -234,6 +237,9 @@ int custom_ext_add(SSL_CONNECTION *s, int context, WPACKET *pkt, X509 *x,
              * We can't send duplicates: code logic should prevent this.
              */
             if (!ossl_assert((meth->ext_flags & SSL_EXT_FLAG_SENT) == 0)) {
+                if (meth->free_cb != NULL)
+                    meth->free_cb(SSL_CONNECTION_GET_SSL(s), meth->ext_type,
+                                  context, out, meth->add_arg);
                 if (!for_comp)
                     SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
                 return 0;
-- 
cgit v1.2.3