]> git.ipfire.org Git - thirdparty/openssl.git/commitdiff
ssl/statem/extensions_srvr.c: free empty rcfgs in tls_construct_stoc_ech()
authorEugene Syromiatnikov <esyr@openssl.org>
Mon, 23 Feb 2026 05:15:02 +0000 (06:15 +0100)
committerTomas Mraz <tomas@openssl.org>
Wed, 25 Feb 2026 11:10:24 +0000 (12:10 +0100)
Free rcfgs before return when rcfgslen is 0, mostly to placate
Coverity, as it is expected to be NULL with the majority of realloc()
implementations.

Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1681463
Complements: 6c3edd4f3a8a "Add server-side handling of Encrypted Client Hello"
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Feb 25 11:10:55 2026
(Merged from https://github.com/openssl/openssl/pull/30139)

ssl/statem/extensions_srvr.c

index 51159de03f0ed77b640696a00f967a37350c6af4..a2ec696fa57c90edeeb15444e762a9184efdf46c 100644 (file)
@@ -2591,6 +2591,7 @@ EXT_RETURN tls_construct_stoc_ech(SSL_CONNECTION *s, WPACKET *pkt,
                                 "I've no configs set to be returned\n");
         }
         OSSL_TRACE_END(TLS);
+        OPENSSL_free(rcfgs);
         return EXT_RETURN_NOT_SENT;
     }
     if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_ech)