From: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Tue, 19 Sep 2023 18:15:18 +0000 (+0200)
Subject: Fix error handling in CRYPTO_get_ex_new_index
X-Git-Tag: openssl-3.1.4~66
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8edc82a9f440e1c9fe939945597469e939abd8c6;p=thirdparty%2Fopenssl.git

Fix error handling in CRYPTO_get_ex_new_index

If an out of memory error happens when the index zero
is reserved in a newly created ip->meth stack object,
that reservation is not done in a second attempt, which makes
various X_set_ex_data overwrite the value of X_set_app_data.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22149)

(cherry picked from commit d4f22a915ac50570015a23ad794032c4fb9496cb)
---

diff --git a/crypto/ex_data.c b/crypto/ex_data.c
index 0268da2a109..f92d0505fd9 100644
--- a/crypto/ex_data.c
+++ b/crypto/ex_data.c
@@ -171,6 +171,8 @@ int ossl_crypto_get_ex_new_index_ex(OSSL_LIB_CTX *ctx, int class_index,
          * "app_data" routines use ex_data index zero.  See RT 3710. */
         if (ip->meth == NULL
             || !sk_EX_CALLBACK_push(ip->meth, NULL)) {
+            sk_EX_CALLBACK_free(ip->meth);
+            ip->meth = NULL;
             ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE);
             goto err;
         }