From: Tomas Mraz <tomas@openssl.org>
Date: Fri, 22 Oct 2021 07:38:18 +0000 (+0200)
Subject: OCSP_sendreq_bio: Avoid doublefree of mem BIO
X-Git-Tag: openssl-3.2.0-alpha1~3434
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f99b34957f4173f68d6f19d0d9fac37d797b7e0c;p=thirdparty%2Fopenssl.git

OCSP_sendreq_bio: Avoid doublefree of mem BIO

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/16886)
---

diff --git a/crypto/ocsp/ocsp_http.c b/crypto/ocsp/ocsp_http.c
index 28166d3a175..e8b6406d3c3 100644
--- a/crypto/ocsp/ocsp_http.c
+++ b/crypto/ocsp/ocsp_http.c
@@ -58,13 +58,11 @@ OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, const char *path, OCSP_REQUEST *req)
     if (ctx == NULL)
         return NULL;
     mem = OSSL_HTTP_REQ_CTX_exchange(ctx);
-    resp = (OCSP_RESPONSE *)
-        ASN1_item_d2i_bio(ASN1_ITEM_rptr(OCSP_RESPONSE), mem, NULL);
-    BIO_free(mem);
+    /* ASN1_item_d2i_bio handles NULL bio gracefully */
+    resp = (OCSP_RESPONSE *)ASN1_item_d2i_bio(ASN1_ITEM_rptr(OCSP_RESPONSE),
+                                              mem, NULL);
 
-    /* this indirectly calls ERR_clear_error(): */
     OSSL_HTTP_REQ_CTX_free(ctx);
-
     return resp;
 }
 #endif /* !defined(OPENSSL_NO_OCSP) */