From: Alexandr Nedvedicky Date: Thu, 9 Apr 2026 13:50:01 +0000 (+0200) Subject: quic_channel.c: fix potential memory leak on failure in ossl_quic_channel_alloc X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6000ce924519ed48d6ee39f812cd212e24c6733e;p=thirdparty%2Fopenssl.git quic_channel.c: fix potential memory leak on failure in ossl_quic_channel_alloc Add missing OPENSSL_free() in error path. Fixes: 35dc6c353bf "QUIC: Make more transport parameters configurable" Reviewed-by: Eugene Syromiatnikov Reviewed-by: Nikola Pajkovsky Reviewed-by: Matt Caswell MergeDate: Mon May 11 00:23:13 2026 (Merged from https://github.com/openssl/openssl/pull/30754) --- diff --git a/ssl/quic/quic_channel.c b/ssl/quic/quic_channel.c index fe819b4b2f6..4c299a53e5b 100644 --- a/ssl/quic/quic_channel.c +++ b/ssl/quic/quic_channel.c @@ -434,7 +434,7 @@ void ossl_quic_channel_bind_qrx(QUIC_CHANNEL *tserver_ch, OSSL_QRX *qrx) QUIC_CHANNEL *ossl_quic_channel_alloc(const QUIC_CHANNEL_ARGS *args) { - QUIC_CHANNEL *ch = NULL; + QUIC_CHANNEL *ch; if ((ch = OPENSSL_zalloc(sizeof(*ch))) == NULL) return NULL; @@ -450,10 +450,8 @@ QUIC_CHANNEL *ossl_quic_channel_alloc(const QUIC_CHANNEL_ARGS *args) ch->use_qlog = args->use_qlog; if (ch->use_qlog && args->qlog_title != NULL) { - if ((ch->qlog_title = OPENSSL_strdup(args->qlog_title)) == NULL) { - OPENSSL_free(ch); - return NULL; - } + if ((ch->qlog_title = OPENSSL_strdup(args->qlog_title)) == NULL) + goto err; } #endif @@ -473,10 +471,18 @@ QUIC_CHANNEL *ossl_quic_channel_alloc(const QUIC_CHANNEL_ARGS *args) if (!ossl_quic_rxfc_init(&ch->conn_rxfc, NULL, ch->tx_init_max_data, DEFAULT_CONN_RXFC_MAX_WND_MUL * ch->tx_init_max_data, - get_time, ch)) - return NULL; + get_time, ch)) { + goto err; + } return ch; + +err: +#ifndef OPENSSL_NO_QLOG + OPENSSL_free(ch->qlog_title); +#endif + OPENSSL_free(ch); + return NULL; } void ossl_quic_channel_free(QUIC_CHANNEL *ch)