From 4f11f520d730d5df986f300b8379f5cc6d4a5a1c Mon Sep 17 00:00:00 2001
From: Neil Horman <nhorman@openssl.org>
Date: Tue, 28 Jan 2025 09:16:09 -0500
Subject: [PATCH] Fix a memory leak on free
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Forgot to free the CRYPTO_REF when freeing a token

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26517)
---
 ssl/quic/quic_impl.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/ssl/quic/quic_impl.c b/ssl/quic/quic_impl.c
index 0f11ab69144..7810335430b 100644
--- a/ssl/quic/quic_impl.c
+++ b/ssl/quic/quic_impl.c
@@ -4819,7 +4819,10 @@ static QUIC_TOKEN *ossl_quic_build_new_token(BIO_ADDR *peer, uint8_t *token,
     addrptr = (uint8_t *)(portptr + 1);
     *famptr = family;
     *portptr = port;
-    BIO_ADDR_rawaddress(peer, addrptr, NULL);
+    if (!BIO_ADDR_rawaddress(peer, addrptr, NULL)) {
+        ossl_quic_free_peer_token((QTOK *)new_token);
+        return NULL;
+    }
     if (token != NULL)
         memcpy(new_token->token, token, token_len);
     return new_token;
@@ -4892,6 +4895,7 @@ void ossl_quic_free_peer_token(QTOK *token)
     if (refs > 0)
         return;
 
+    CRYPTO_FREE_REF(&tok->references);
     OPENSSL_free(tok);
 }
 
-- 
2.47.2