From: Jouni Malinen <j@w1.fi>
Date: Thu, 16 Aug 2012 14:38:46 +0000 (+0300)
Subject: OpenSSL: Fix memory leak on FIPS error paths
X-Git-Tag: hostap_2_0~415
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b36540dbebd5da45b967a493cad8b52108d88182;p=thirdparty%2Fhostap.git

OpenSSL: Fix memory leak on FIPS error paths

Do not leave the tls_global context allocated if the global OpenSSL
initialization fails. This was possible in case of FIPS builds if
the FIPS mode cannot be initialized.

Signed-hostap: Jouni Malinen <j@w1.fi>
---

diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 19fa3fb14..baf206ee9 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -709,6 +709,8 @@ void * tls_init(const struct tls_config *conf)
 					   "mode");
 				ERR_load_crypto_strings();
 				ERR_print_errors_fp(stderr);
+				os_free(tls_global);
+				tls_global = NULL;
 				return NULL;
 			} else
 				wpa_printf(MSG_INFO, "Running in FIPS mode");
@@ -717,6 +719,8 @@ void * tls_init(const struct tls_config *conf)
 		if (conf && conf->fips_mode) {
 			wpa_printf(MSG_ERROR, "FIPS mode requested, but not "
 				   "supported");
+			os_free(tls_global);
+			tls_global = NULL;
 			return NULL;
 		}
 #endif /* OPENSSL_FIPS */