app_http_tls_cb: Fix double-free in case TLS not used
authorDr. David von Oheimb <David.von.Oheimb@siemens.com>
Mon, 3 Jan 2022 16:03:13 +0000 (17:03 +0100)
committerDr. David von Oheimb <dev@ddvo.net>
Tue, 4 Jan 2022 16:02:06 +0000 (17:02 +0100)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17400)

apps/lib/apps.c

index 328b0addb4e27ab36b13381e6a61ca1a443ea60d..3b0266f158a03bbb8e44613dca1d10081bc731dd 100644 (file)
@@ -2464,9 +2464,10 @@ static const char *tls_error_hint(void)
 /* HTTP callback function that supports TLS connection also via HTTPS proxy */
 BIO *app_http_tls_cb(BIO *bio, void *arg, int connect, int detail)
 {
+    APP_HTTP_TLS_INFO *info = (APP_HTTP_TLS_INFO *)arg;
+    SSL_CTX *ssl_ctx = info->ssl_ctx;
+
     if (connect && detail) { /* connecting with TLS */
-        APP_HTTP_TLS_INFO *info = (APP_HTTP_TLS_INFO *)arg;
-        SSL_CTX *ssl_ctx = info->ssl_ctx;
         SSL *ssl;
         BIO *sbio = NULL;
 
@@ -2500,12 +2501,14 @@ BIO *app_http_tls_cb(BIO *bio, void *arg, int connect, int detail)
             if (hint != NULL)
                 ERR_add_error_data(2, " : ", hint);
         }
-        (void)ERR_set_mark();
-        BIO_ssl_shutdown(bio);
-        cbio = BIO_pop(bio); /* connect+HTTP BIO */
-        BIO_free(bio); /* SSL BIO */
-        (void)ERR_pop_to_mark(); /* hide SSL_R_READ_BIO_NOT_SET etc. */
-        bio = cbio;
+        if (ssl_ctx != NULL) {
+            (void)ERR_set_mark();
+            BIO_ssl_shutdown(bio);
+            cbio = BIO_pop(bio); /* connect+HTTP BIO */
+            BIO_free(bio); /* SSL BIO */
+            (void)ERR_pop_to_mark(); /* hide SSL_R_READ_BIO_NOT_SET etc. */
+            bio = cbio;
+        }
     }
     return bio;
 }
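Review bot: The new `if (ssl_ctx != NULL)` guard around the `BIO_pop`/`BIO_free` teardown tests how the callback was configured, not whether an SSL BIO actually sits on top of `bio` for this connection. The SSL BIO is presumably pushed only in the `connect && detail` branch, whose body lies outside the hunks, so if a caller can supply an `ssl_ctx` and still connect without TLS, the teardown would again free the caller-owned connect BIO. Consider checking the chain itself, e.g. `if (ssl_ctx != NULL && BIO_method_type(bio) == BIO_TYPE_SSL) {`, or at least record the invariant in a comment such as `/* ssl_ctx != NULL implies an SSL BIO was pushed on connect */`. Separately, the first hunk makes `info->ssl_ctx` run on every invocation, so a NULL `arg` would now fault on the non-TLS and disconnect paths too; `SSL_CTX *ssl_ctx = info != NULL ? info->ssl_ctx : NULL;` would keep those paths safe. The branch containing the guarded teardown starts outside this hunk.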