From: Matt Caswell <matt@openssl.org>
Date: Thu, 26 May 2022 10:30:09 +0000 (+0100)
Subject: Fix another decoder mem leak on an error path
X-Git-Tag: openssl-3.2.0-alpha1~2586
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=da3193976380b8bd697a472025ff9f384cbca7af;p=thirdparty%2Fopenssl.git

Fix another decoder mem leak on an error path

If pushing the decoder onto a stack fails then we should free the ref
we just created.

Found due to the error report here:
https://github.com/openssl/openssl/pull/18355#issuecomment-1138205688

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18411)
---

diff --git a/crypto/encode_decode/decoder_lib.c b/crypto/encode_decode/decoder_lib.c
index 9dcbab10776..8863c316d6e 100644
--- a/crypto/encode_decode/decoder_lib.c
+++ b/crypto/encode_decode/decoder_lib.c
@@ -362,8 +362,9 @@ static void collect_all_decoders(OSSL_DECODER *decoder, void *arg)
 {
     STACK_OF(OSSL_DECODER) *skdecoders = arg;
 
-    if (OSSL_DECODER_up_ref(decoder))
-        sk_OSSL_DECODER_push(skdecoders, decoder);
+    if (OSSL_DECODER_up_ref(decoder)
+            && !sk_OSSL_DECODER_push(skdecoders, decoder))
+        OSSL_DECODER_free(decoder);
 }
 
 static void collect_extra_decoder(OSSL_DECODER *decoder, void *arg)