From: Matt Caswell <matt@openssl.org>
Date: Wed, 16 Aug 2023 11:15:07 +0000 (+0100)
Subject: Fix a memory leak in tls_new_record_layer
X-Git-Tag: openssl-3.2.0-alpha1~197
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0577dbad0709f1b3717297420069c6160245e74d;p=thirdparty%2Fopenssl.git

Fix a memory leak in tls_new_record_layer

If setting the crypto state has failed then memory might have been
partially allocated to fields within the partially constructed record
layer. We need to call tls_int_free() to properly free it.

Found by the reproducible error patch in openssl#21668

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21753)
---

diff --git a/ssl/record/methods/tls_common.c b/ssl/record/methods/tls_common.c
index 4cfeddca431..505e1331618 100644
--- a/ssl/record/methods/tls_common.c
+++ b/ssl/record/methods/tls_common.c
@@ -1411,7 +1411,7 @@ tls_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
 
  err:
     if (ret != OSSL_RECORD_RETURN_SUCCESS) {
-        OPENSSL_free(*retrl);
+        tls_int_free(*retrl);
         *retrl = NULL;
     }
     return ret;