From: Matt Caswell <matt@openssl.org>
Date: Thu, 18 Jan 2024 12:25:47 +0000 (+0000)
Subject: Free the QUIC TLS object before freeing the channel
X-Git-Tag: openssl-3.3.0-alpha1~250
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f7f2b665cf91650deb28beb1145ea3eca7df67aa;p=thirdparty%2Fopenssl.git

Free the QUIC TLS object before freeing the channel

Freeing the QUIC TLS object may make calls back into QUIC so we should
free it first.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23256)
---

diff --git a/ssl/quic/quic_impl.c b/ssl/quic/quic_impl.c
index fecd9525beb..c7f35aba292 100644
--- a/ssl/quic/quic_impl.c
+++ b/ssl/quic/quic_impl.c
@@ -544,6 +544,8 @@ void ossl_quic_free(SSL *s)
     }
 #endif
 
+    SSL_free(ctx.qc->tls);
+
     ossl_quic_channel_free(ctx.qc->ch);
     ossl_quic_port_free(ctx.qc->port);
     ossl_quic_engine_free(ctx.qc->engine);
@@ -551,13 +553,15 @@ void ossl_quic_free(SSL *s)
     BIO_free_all(ctx.qc->net_rbio);
     BIO_free_all(ctx.qc->net_wbio);
 
-    /* Note: SSL_free calls OPENSSL_free(qc) for us */
-
-    SSL_free(ctx.qc->tls);
     quic_unlock(ctx.qc); /* tsan doesn't like freeing locked mutexes */
 #if defined(OPENSSL_THREADS)
     ossl_crypto_mutex_free(&ctx.qc->mutex);
 #endif
+
+    /*
+     * Note: SSL_free (that called this function) calls OPENSSL_free(ctx.qc) for
+     * us
+     */
 }
 
 /* SSL method init */