Free SSL object on an error path

Thanks to @fangang190 for reporting this Fixes #7061 Reviewed-by: N Paul Yang <yang.yang@baishancloud.com> (Merged from https://github.com/openssl/openssl/pull/7065)

Free SSL object on an error path
Thanks to @fangang190 for reporting this Fixes #7061 Reviewed-by: N Paul Yang <yang.yang@baishancloud.com> (Merged from https://github.com/openssl/openssl/pull/7065)
67afcfd3 · Matt Caswell · Paul Yang · c2cb1a18 · 67afcfd3
显示空白变更内容
内联并排

Showing with 6 addition and 2 deletion

apps/s_server.c apps/s_server.c +6 -2

未找到文件。
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -2968,8 +2968,10 @@ static int www_body(int s, int stype, int prot, unsigned char *context)
    if (context != NULL
        && !SSL_set_session_id_context(con, context,
-                                       strlen((char *)context)))
+                                       strlen((char *)context))) {
+        SSL_free(con);
        goto err;
+    }
    sbio = BIO_new_socket(s, BIO_NOCLOSE);
    if (s_nbio_test) {
@@ -2981,7 +2983,7 @@ static int www_body(int s, int stype, int prot, unsigned char *context)
    SSL_set_bio(con, sbio, sbio);
    SSL_set_accept_state(con);
-    /* SSL_set_fd(con,s); */
+    /* No need to free |con| after this. Done by BIO_free(ssl_bio) */
    BIO_set_ssl(ssl_bio, con, BIO_CLOSE);
    BIO_push(io, ssl_bio);
 #ifdef CHARSET_EBCDIC
@@ -3337,6 +3339,7 @@ static int rev_body(int s, int stype, int prot, unsigned char *context)
    if (context != NULL
        && !SSL_set_session_id_context(con, context,
                                       strlen((char *)context))) {
+        SSL_free(con);
        ERR_print_errors(bio_err);
        goto err;
    }
@@ -3345,6 +3348,7 @@ static int rev_body(int s, int stype, int prot, unsigned char *context)
    SSL_set_bio(con, sbio, sbio);
    SSL_set_accept_state(con);
+    /* No need to free |con| after this. Done by BIO_free(ssl_bio) */
    BIO_set_ssl(ssl_bio, con, BIO_CLOSE);
    BIO_push(io, ssl_bio);
 #ifdef CHARSET_EBCDIC