The two places that call `ossl_ssl_init()` assume that no additional
memory has been allocated when this fails; they subsequently free
the QUIC_CONNECTION/SSL_CONNECTION via OPENSSL_free() without freeing
any other resources.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20316)
if (ssl->lock == NULL)
return 0;
+ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, ssl, &ssl->ex_data)) {
+ CRYPTO_THREAD_lock_free(ssl->lock);
+ ssl->lock = NULL;
+ return 0;
+ }
+
SSL_CTX_up_ref(ctx);
ssl->ctx = ctx;
ssl->defltmeth = ssl->method = method;
- if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, ssl, &ssl->ex_data))
- return 0;
-
return 1;
}