From c10ded8c2c862992c98b83909a679aa0bb448a55 Mon Sep 17 00:00:00 2001
From: Todd Short
Date: Thu, 16 Feb 2023 10:56:29 -0500
Subject: Fix possible memory leak on error

The two places that call `ossl_ssl_init()` assume that no additional memory has been allocated when this fails; they subsequently free the QUIC_CONNECTION/SSL_CONNECTION via OPENSSL_free() without freeing any other resources.

Reviewed-by: Tomas Mraz
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/20316)
---
 ssl/ssl_lib.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
(limited to 'ssl/ssl_lib.c')
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 2549798598..44ba62ffde 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -712,14 +712,17 @@ int ossl_ssl_init(SSL *ssl, SSL_CTX *ctx, const SSL_METHOD *method, int type)
 if (ssl->lock == NULL)
 return 0;
+ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, ssl, &ssl->ex_data)) {
+ CRYPTO_THREAD_lock_free(ssl->lock);
+ ssl->lock = NULL;
+ return 0;
+ }
+
 SSL_CTX_up_ref(ctx);
 ssl->ctx = ctx;
 ssl->defltmeth = ssl->method = method;
- if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, ssl, &ssl->ex_data))
- return 0;
-
 return 1;
 }
-- cgit v1.2.3
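Review bot: The invariant this fix relies on is stated only in the commit message, not in the code: callers release the object with a bare OPENSSL_free() when ossl_ssl_init() returns 0, so every failure return must first undo whatever the function has acquired. I would put that next to the new cleanup branch, for example `/* Callers only OPENSSL_free() ssl on failure: release everything acquired so far before returning 0. */`, so that a later fallible step added below the `CRYPTO_new_ex_data()` call is not given a bare `return 0;` again. The placement ahead of `SSL_CTX_up_ref(ctx)` matters for the same reason, since it means the failure path has no ctx reference to drop, and that is worth a short why-comment too. The result of `SSL_CTX_up_ref(ctx)` on the following context line is still ignored; if it is ever checked, its failure path would have to release both the lock and the ex_data to keep the same contract. The function starts above the hunk, so earlier acquisitions are not visible here.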