From: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Sun, 28 Jan 2024 22:50:16 +0000 (+0100)
Subject: Fix a possible memleak in bind_afalg
X-Git-Tag: openssl-3.3.0-alpha1~246
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=729a1496cc4cda669dea6501c991113c78f04560;p=thirdparty%2Fopenssl.git

Fix a possible memleak in bind_afalg

bind_afalg calls afalg_aes_cbc which allocates
cipher_handle->_hidden global object(s)
but if one of them fails due to out of memory,
the function bind_afalg relies on the engine destroy
method to be called.  But that does not happen
because the dynamic engine object is not destroyed
in the usual way in dynamic_load in this case:

If the bind_engine function fails, there will be no
further calls into the shared object.
See ./crypto/engine/eng_dyn.c near the comment:
/* Copy the original ENGINE structure back */

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23409)
---

diff --git a/engines/e_afalg.c b/engines/e_afalg.c
index c0189951e6c..06f9b116335 100644
--- a/engines/e_afalg.c
+++ b/engines/e_afalg.c
@@ -834,8 +834,10 @@ static int bind_helper(ENGINE *e, const char *id)
     if (!afalg_chk_platform())
         return 0;
 
-    if (!bind_afalg(e))
+    if (!bind_afalg(e)) {
+        afalg_destroy(e);
         return 0;
+    }
     return 1;
 }