OpenSSL: Fix memory leak on error path
authorJouni Malinen <j@w1.fi>
Sat, 26 Oct 2013 09:02:50 +0000 (12:02 +0300)
committerJouni Malinen <j@w1.fi>
Sat, 26 Oct 2013 12:55:24 +0000 (15:55 +0300)
If SSL_CTX_new() fails in tls_init(), the per-SSL app-data allocation
could have been leaked when multiple TLS instances are allocated.

Signed-hostap: Jouni Malinen <j@w1.fi>

src/crypto/tls_openssl.c

index 3df2bd2ca60f9e5fa6ab0e843e35e7d2629affb9..95c674a45de7d53fe00997b5ebe6c00d0f14c2aa 100644 (file)
@@ -784,11 +784,13 @@ void * tls_init(const struct tls_config *conf)
        ssl = SSL_CTX_new(TLSv1_method());
        if (ssl == NULL) {
                tls_openssl_ref_count--;
+#ifdef OPENSSL_SUPPORTS_CTX_APP_DATA
+               if (context != tls_global)
+                       os_free(context);
+#endif /* OPENSSL_SUPPORTS_CTX_APP_DATA */
                if (tls_openssl_ref_count == 0) {
                        os_free(tls_global);
                        tls_global = NULL;
-               } else if (context != tls_global) {
-                       os_free(context);
                }
                return NULL;
        }
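Review bot: The added `if (context != tls_global) os_free(context);` is only correct because it runs before the block that sets `tls_global = NULL`, and nothing in the hunk records that ordering constraint. If a later edit moved the free below that block, the comparison would be against NULL, and in the case where context aliases tls_global (presumably the first-instance path; the assignment is outside the hunk) the same allocation would be passed to os_free() twice. I would add a comment above the `#ifdef`, for example `/* Free the per-SSL context before tls_global is cleared; the pointer comparison is meaningless once tls_global is NULL. */`. tls_init() begins before and continues after this hunk, so the aliasing assumption should be confirmed against the allocation code.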