Fix memory leaks in BIO_dup_chain()

This fixes a memory leak that can occur whilst duplicating a BIO chain if the call to CRYPTO_dup_ex_data() fails. It also fixes a second memory leak where if a failure occurs after successfully creating the first BIO in the chain, then the beginning of the new chain was not freed. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: N Stephen Henson <steve@openssl.org>

Fix memory leaks in BIO_dup_chain()
This fixes a memory leak that can occur whilst duplicating a BIO chain if the call to CRYPTO_dup_ex_data() fails. It also fixes a second memory leak where if a failure occurs after successfully creating the first BIO in the chain, then the beginning of the new chain was not freed. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: N Stephen Henson <steve@openssl.org>
aec54108 · Matt Caswell · 5d80fab0 · aec54108
隐藏空白更改
内联并排

Showing with 5 addition and 2 deletion

crypto/bio/bio_lib.c crypto/bio/bio_lib.c +5 -2

未找到文件。
--- a/crypto/bio/bio_lib.c
+++ b/crypto/bio/bio_lib.c
@@ -535,8 +535,10 @@ BIO *BIO_dup_chain(BIO *in)

        /* copy app data */
        if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new_bio->ex_data,
-                                &bio->ex_data))
+                                &bio->ex_data)) {
+            BIO_free(new_bio);
            goto err;
+        }

        if (ret == NULL) {
            eoc = new_bio;
@@ -548,7 +550,8 @@ BIO *BIO_dup_chain(BIO *in)
    }
    return (ret);
 err:
-    BIO_free(ret);
+    BIO_free_all(ret);
+
    return (NULL);
 }