OpenSSL: Fix memory leak on FIPS error paths

Do not leave the tls_global context allocated if the global OpenSSL
initialization fails. This was possible in case of FIPS builds if
the FIPS mode cannot be initialized.

Signed-hostap: Jouni Malinen <j@w1.fi>

diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 19fa3fb14b771dd55d29f9165bd83ff69fc05c68..baf206ee929f6a47510c0139622f5a747e615b33 100644 (file)
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -709,6 +709,8 @@ void * tls_init(const struct tls_config *conf)
                                           "mode");
                                ERR_load_crypto_strings();
                                ERR_print_errors_fp(stderr);
+                               os_free(tls_global);
+                               tls_global = NULL;
                                return NULL;
                        } else
                                wpa_printf(MSG_INFO, "Running in FIPS mode");
@@ -717,6 +719,8 @@ void * tls_init(const struct tls_config *conf)
                if (conf && conf->fips_mode) {
                        wpa_printf(MSG_ERROR, "FIPS mode requested, but not "
                                   "supported");
+                       os_free(tls_global);
+                       tls_global = NULL;
                        return NULL;
                }
 #endif /* OPENSSL_FIPS */