From: Peter Kaestle
Date: Thu, 16 Feb 2023 14:02:46 +0000 (+0100)
Subject: tls1_set_groups_list: freeing *pext before overwriting
X-Git-Tag: openssl-3.2.0-alpha1~1105
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=62ea5ffa7c8882ba90b26ab1deb0d977dcb5165c;p=thirdparty%2Fopenssl.git

tls1_set_groups_list: freeing *pext before overwriting

calling SSL_CTX_set1_groups_list() twice on one SSL_CTX* caused a memory leak visible in valgrind:

  4 bytes in 1 blocks are definitely lost in loss record 1 of 1
  at 0x4841888: malloc (vg_replace_malloc.c:381)
  by 0x4B1EE96: CRYPTO_memdup (in libcrypto.so.3)
  by 0x48993A0: tls1_set_groups_list (in libssl.so.3)
  by 0x487AA7E: ssl3_ctx_ctrl (in libssl.so.3)
  by 0x1091EA: main (mem_leak.c:10)
  LEAK SUMMARY:
  definitely lost: 4 bytes in 1 blocks

Freeing *pext to fix it.

CLA: trivial

Signed-off-by: Peter Kaestle
Reviewed-by: Tomas Mraz
Reviewed-by: Matt Caswell
Reviewed-by: Richard Levitte
(Merged from https://github.com/openssl/openssl/pull/20317)

(cherry picked from commit fcf3a9f7c6a10acb2d92f03aec5e45df7dd712d5)
---

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 56225323145..7ec8be4c27e 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1076,6 +1076,7 @@ int tls1_set_groups_list(SSL_CTX *ctx, uint16_t **pext, size_t *pextlen, tmparr = OPENSSL_memdup(gcb.gid_arr, gcb.gidcnt * sizeof(*tmparr)); if (tmparr == NULL) goto end; + OPENSSL_free(*pext); *pext = tmparr; *pextlen = gcb.gidcnt; ret = 1;
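
Review bot: The added OPENSSL_free(*pext) just before "*pext = tmparr;" is only safe if every caller passes a *pext that is either NULL or a heap buffer owned exclusively by the object being updated, and nothing in the hunk states that. A comment on tls1_set_groups_list saying that it takes ownership of the previous array and frees it would make the contract explicit, and the callers are worth checking for any pointer that an SSL_CTX and an SSL created from it might share, since that would turn the leak fix into a double free. Placing the free after the "if (tmparr == NULL) goto end;" check is right: a failed OPENSSL_memdup leaves the old list and *pextlen untouched. The diff touches only ssl/t1_lib.c; a regression test that calls SSL_CTX_set1_groups_list() twice on one SSL_CTX under a leak checker, as the reproducer in the commit message does, would keep this from regressing.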