Coverity found the following issues:

1591471
1591474
1591476

which pertain to memory leaks in the conf_mod code

If an error is encountered after the module STACK_OF is duplicated or
created in the new_modules variable, we need to remember to free it in
the error path

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23462)

diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c
index 5c1d00d27cf17510176ce77f8bfd2f12d89ab689..23912a56ccbba58c99dd5a7aec68d3cfd5f05ae8 100644 (file)
--- a/crypto/conf/conf_mod.c
+++ b/crypto/conf/conf_mod.c
@@ -368,6 +368,7 @@ static CONF_MODULE *module_add(DSO *dso, const char *name,
 
  err:
     ossl_rcu_write_unlock(module_list_lock);
+    sk_CONF_MODULE_free(new_modules);
     if (tmod != NULL) {
         OPENSSL_free(tmod->name);
         OPENSSL_free(tmod);
@@ -466,6 +467,7 @@ static int module_init(CONF_MODULE *pmod, const char *name, const char *value,
 
     if (!sk_CONF_IMODULE_push(new_modules, imod)) {
         ossl_rcu_write_unlock(module_list_lock);
+        sk_CONF_IMODULE_free(new_modules);
         ERR_raise(ERR_LIB_CONF, ERR_R_CRYPTO_LIB);
         goto err;
     }