From: Stefan Eissing <stefan@eissing.org>
Date: Thu, 27 Nov 2025 11:11:39 +0000 (+0100)
Subject: ngtcp2+openssl: fix leak of session
X-Git-Tag: rc-8_18_0-1~131
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9bb5c0578b39e5b086b6a9db5c6eb299a0fe1c5c;p=thirdparty%2Fcurl.git

ngtcp2+openssl: fix leak of session

Fix return value indicating to OpenSSL if reference to session is kept
(it is not), so OpenSSL frees it.

Reported-by: Aleksei Bavshin
Fixes #19717
Closes #19718
---

diff --git a/lib/vquic/curl_ngtcp2.c b/lib/vquic/curl_ngtcp2.c
index ad1f2b2b25..61b233e4ff 100644
--- a/lib/vquic/curl_ngtcp2.c
+++ b/lib/vquic/curl_ngtcp2.c
@@ -2277,7 +2277,6 @@ static int quic_ossl_new_session_cb(SSL *ssl, SSL_SESSION *ssl_sessionid)
 #endif
     Curl_ossl_add_session(cf, data, ctx->peer.scache_key, ssl_sessionid,
                           SSL_version(ssl), "h3", quic_tp, quic_tp_len);
-    return 1;
   }
   return 0;
 }