From: Miłosz Kaniewski <milosz.kaniewski@gmail.com>
Date: Tue, 30 Jun 2020 19:46:38 +0000 (+0200)
Subject: Free pre_proc_exts in SSL_free()
X-Git-Tag: openssl-3.0.0-alpha5~120
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=94941cada25433a7dca35b5b9f8cbb751ab65ab3;p=thirdparty%2Fopenssl.git

Free pre_proc_exts in SSL_free()

Usually it will be freed in tls_early_post_process_client_hello().
However if a ClientHello callback will be used and will return
SSL_CLIENT_HELLO_RETRY then tls_early_post_process_client_hello()
may never come to the point where pre_proc_exts is freed.

Fixes #12194

CLA: trivial

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/12330)
---

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index fea040289b1..dd83f373b20 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1217,6 +1217,8 @@ void SSL_free(SSL *s)
     OPENSSL_free(s->ext.ocsp.resp);
     OPENSSL_free(s->ext.alpn);
     OPENSSL_free(s->ext.tls13_cookie);
+    if (s->clienthello != NULL)
+        OPENSSL_free(s->clienthello->pre_proc_exts);
     OPENSSL_free(s->clienthello);
     OPENSSL_free(s->pha_context);
     EVP_MD_CTX_free(s->pha_dgst);