From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Date: Wed, 9 Oct 2024 13:42:37 +0000 (+0200)
Subject: Fix memory leak in tls_parse_ctos_psk()
X-Git-Tag: openssl-3.5.0-alpha1~1011
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b2474b287fbc7a24f0aa15e6808c6e3ef8287f23;p=thirdparty%2Fopenssl.git

Fix memory leak in tls_parse_ctos_psk()

`sess` is not NULL at this point, and is freed on the success path, but
not on the error path. Fix this by going to the `err` label such that
`SSL_SESSION_free(sess)` is called.

CLA: trivial

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25643)
---

diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index cb143aa8438..5d91d3893f7 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -1121,7 +1121,7 @@ int tls_parse_ctos_psk(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
 
             if (sesstmp == NULL) {
                 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
-                return 0;
+                goto err;
             }
             SSL_SESSION_free(sess);
             sess = sesstmp;