From: Dr. David von Oheimb <David.von.Oheimb@siemens.com>
Date: Thu, 22 Dec 2022 10:42:14 +0000 (+0100)
Subject: set_trace_data(): prevent double free on OPENSSL_strdup() failure
X-Git-Tag: openssl-3.2.0-alpha1~1406
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0fec2121c0c40d8b098896c9bdf629a48fbafa63;p=thirdparty%2Fopenssl.git

set_trace_data(): prevent double free on OPENSSL_strdup() failure

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19959)
---

diff --git a/crypto/trace.c b/crypto/trace.c
index 74dbd525a51..3bf9ff62f7e 100644
--- a/crypto/trace.c
+++ b/crypto/trace.c
@@ -288,11 +288,6 @@ static int set_trace_data(int category, int type, BIO **channel,
     }
 
     /* Before running callbacks are done, set new data where appropriate */
-    if (channel != NULL && *channel != NULL) {
-        trace_channels[category].type = type;
-        trace_channels[category].bio = *channel;
-    }
-
     if (prefix != NULL && *prefix != NULL) {
         if ((curr_prefix = OPENSSL_strdup(*prefix)) == NULL)
             return 0;
@@ -305,6 +300,15 @@ static int set_trace_data(int category, int type, BIO **channel,
         trace_channels[category].suffix = curr_suffix;
     }
 
+    if (channel != NULL && *channel != NULL) {
+        trace_channels[category].type = type;
+        trace_channels[category].bio = *channel;
+        /*
+         * This must not be done before setting prefix/suffix,
+         * as those may fail, and then the caller is mislead to free *channel.
+         */
+    }
+
     /* Finally, run the attach callback on the new data */
     if (channel != NULL && *channel != NULL) {
         attach_cb(category, CHANNEL, *channel);