From: Niels Dossche Date: Mon, 28 Oct 2024 15:34:55 +0000 (+0100) Subject: Fix potential memory leak in BIO_get_accept_socket() X-Git-Tag: openssl-3.3.3~66 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=609bc44f14e4ee3a07ae8b3ecedc4adf88b03c86;p=thirdparty%2Fopenssl.git Fix potential memory leak in BIO_get_accept_socket() When BIO_parse_hostserv() fails it may still have allocated memory, yet this memory is not freed. Fix it by jumping to the err label. Reviewed-by: Viktor Dukhovni Reviewed-by: David von Oheimb Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/25817) (cherry picked from commit 32476957ead4151dceaf873306fc7e79cd262812) --- diff --git a/crypto/bio/bio_addr.c b/crypto/bio/bio_addr.c index 5e0de089701..4367def8af7 100644 --- a/crypto/bio/bio_addr.c +++ b/crypto/bio/bio_addr.c @@ -571,8 +571,13 @@ int BIO_parse_hostserv(const char *hostserv, char **host, char **service, *service = NULL; } else { *service = OPENSSL_strndup(p, pl); - if (*service == NULL) + if (*service == NULL) { + if (h != NULL && host != NULL) { + OPENSSL_free(*host); + *host = NULL; + } return 0; + } } } diff --git a/crypto/bio/bio_sock.c b/crypto/bio/bio_sock.c index ea28fd2826d..141b224e6e4 100644 --- a/crypto/bio/bio_sock.c +++ b/crypto/bio/bio_sock.c @@ -257,7 +257,7 @@ int BIO_get_accept_socket(char *host, int bind_mode) return INVALID_SOCKET; if (BIO_sock_init() != 1) - return INVALID_SOCKET; + goto err; if (BIO_lookup(h, p, BIO_LOOKUP_SERVER, AF_UNSPEC, SOCK_STREAM, &res) != 0) goto err;
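Review bot: in the crypto/bio/bio_addr.c hunk, the new cleanup on the `*service == NULL` path is not described by the commit message, which only talks about jumping to the err label in BIO_get_accept_socket(). Please extend the message to say that BIO_parse_hostserv() now releases `*host` itself when duplicating the service string fails. The guard `h != NULL && host != NULL` also depends on state set earlier in the function, outside this hunk. A one-line comment above it, stating that `*host` is freed only when this call allocated it, would make the ownership rule clear to the next reader. It would also help to document that on a 0 return both output pointers are left unallocated, since the first `return INVALID_SOCKET;` in BIO_get_accept_socket() appears to rely on that.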
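Review bot: in the crypto/bio/bio_sock.c hunk, the `goto err` on the `BIO_sock_init() != 1` path now reaches the err label before `BIO_lookup(..., &res)` has run, so whatever the label does with `res` and with the socket value it returns must be safe at that point. The label and the declarations are outside the visible lines. Please confirm that `res` is initialised to NULL and that the return variable starts as INVALID_SOCKET, or add those initialisers in this patch. The commit message also attributes the leak to a BIO_parse_hostserv() failure, while the line changed here is the BIO_sock_init() failure that follows a successful parse. The context line `return INVALID_SOCKET;` above it is untouched. Rewording the message to name the BIO_sock_init() path would match the change.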