From a478dd11e9e827445e472c87288dfb77790d2d8e Mon Sep 17 00:00:00 2001
From: "Dr. David von Oheimb" <David.von.Oheimb@siemens.com>
Date: Thu, 22 Dec 2022 11:42:14 +0100
Subject: set_trace_data(): prevent double free on OPENSSL_strdup() failure

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19959)

(cherry picked from commit 0fec2121c0c40d8b098896c9bdf629a48fbafa63)
---
 crypto/trace.c | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/crypto/trace.c b/crypto/trace.c
index 520d2a5178..de03fe954c 100644
--- a/crypto/trace.c
+++ b/crypto/trace.c
@@ -287,11 +287,6 @@ static int set_trace_data(int category, int type, BIO **channel,
     }
 
     /* Before running callbacks are done, set new data where appropriate */
-    if (channel != NULL && *channel != NULL) {
-        trace_channels[category].type = type;
-        trace_channels[category].bio = *channel;
-    }
-
     if (prefix != NULL && *prefix != NULL) {
         if ((curr_prefix = OPENSSL_strdup(*prefix)) == NULL)
             return 0;
@@ -304,6 +299,15 @@ static int set_trace_data(int category, int type, BIO **channel,
         trace_channels[category].suffix = curr_suffix;
     }
 
+    if (channel != NULL && *channel != NULL) {
+        trace_channels[category].type = type;
+        trace_channels[category].bio = *channel;
+        /*
+         * This must not be done before setting prefix/suffix,
+         * as those may fail, and then the caller is mislead to free *channel.
+         */
+    }
+
     /* Finally, run the attach callback on the new data */
     if (channel != NULL && *channel != NULL) {
         attach_cb(category, CHANNEL, *channel);
-- 
cgit v1.2.3