]> git.ipfire.org Git - thirdparty/openssl.git/commitdiff
projects / thirdparty / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a8f8e64)
quic: free popped incoming channel on early exit in accept_connection
authorJoshua Rogers <MegaManSec@users.noreply.github.com>
Sun, 12 Oct 2025 13:28:08 +0000 (21:28 +0800)
committerTomas Mraz <tomas@openssl.org>
Mon, 12 Jan 2026 18:49:41 +0000 (19:49 +0100)
If we pop a channel but fail to extract or adopt its SSL pointer,
we return without releasing the channel. Add a small cleanup at
the function epilogue to free new_ch when conn_ssl is NULL.

Signed-off-by: Joshua Rogers <MegaManSec@users.noreply.github.com>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Mon Jan 12 18:54:05 2026
(Merged from https://github.com/openssl/openssl/pull/28920)

ssl/quic/quic_impl.c patch | blob | blame | history

diff --git a/ssl/quic/quic_impl.c b/ssl/quic/quic_impl.c
index 87c1370a8d6db864333d9eb64493f76e611a0d07..46a34a10631579f65bcbd1df62b312bba9036a95 100644 (file)
--- a/ssl/quic/quic_impl.c
+++ b/ssl/quic/quic_impl.c
@@ -4800,6 +4800,11 @@ SSL *ossl_quic_accept_connection(SSL *ssl, uint64_t flags)
     }
 
 out:
+    if (conn_ssl == NULL && new_ch != NULL) {
+        ossl_quic_channel_free(new_ch);
+        new_ch = NULL;
+    }
+
     qctx_unlock(&ctx);
     return conn_ssl;
 }
Mirror of https://github.com/openssl/openssl.git