From 61052e891e0686ac3b08dd3b0e0b20fd4c786cc4 Mon Sep 17 00:00:00 2001
From: Martin Brejcha <martin.brejcha@acision.com>
Date: Sun, 16 Nov 2014 17:04:40 +0000
Subject: Fix memory leak.

Fix memory leak by freeing up saved_message.data if it is not NULL.

PR#3489
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>

(cherry picked from commit 41cd41c4416f545a18ead37e09e437c75fa07c95)
---
 crypto/bio/bss_dgram.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

(limited to 'crypto')

diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c
index 53588e17ce..0decf9449b 100644
--- a/crypto/bio/bss_dgram.c
+++ b/crypto/bio/bss_dgram.c
@@ -1046,7 +1046,12 @@ static int dgram_sctp_free(BIO *a)
 		return 0;
 
 	data = (bio_dgram_sctp_data *)a->ptr;
-	if(data != NULL) OPENSSL_free(data);
+	if(data != NULL)
+		{
+		if(data->saved_message.data != NULL)
+			OPENSSL_free(data->saved_message.data);
+		OPENSSL_free(data);
+		}
 
 	return(1);
 	}
@@ -1163,6 +1168,7 @@ static int dgram_sctp_read(BIO *b, char *out, int outl)
 						dgram_sctp_write(data->saved_message.bio, data->saved_message.data,
 						                 data->saved_message.length);
 						OPENSSL_free(data->saved_message.data);
+						data->saved_message.data = NULL;
 						data->saved_message.length = 0;
 						}
 
@@ -1334,9 +1340,11 @@ static int dgram_sctp_write(BIO *b, const char *in, int inl)
 	if (data->save_shutdown && !BIO_dgram_sctp_wait_for_dry(b))
 	{
 		data->saved_message.bio = b;
-		data->saved_message.length = inl;
+		if (data->saved_message.data)
+			OPENSSL_free(data->saved_message.data);
 		data->saved_message.data = OPENSSL_malloc(inl);
 		memcpy(data->saved_message.data, in, inl);
+		data->saved_message.length = inl;
 		return inl;
 	}
 
-- 
cgit v1.2.3