git.ipfire.org Git - thirdparty/openssl.git/commit

]> git.ipfire.org Git - thirdparty/openssl.git/commit

projects / thirdparty / openssl.git / commit

author	Weidong Wang <kenazcharisma@gmail.com>
	Tue, 17 Mar 2026 17:23:58 +0000 (12:23 -0500)
committer	Weidong Wang <kenazcharisma@gmail.com>
	Tue, 17 Mar 2026 17:23:58 +0000 (12:23 -0500)
commit	96f424c439b20248940c27b5c9b0e4ee6bad1299
tree	be7ced73fea421015f44179984c9655d74f546da	tree \| snapshot
parent	81cc6cb97ef83ad138eebd47129368b9e963e8cd	commit \| diff

Fix SSL_SESSION leak in tls_parse_ctos_psk() on ticket error paths

Two early 'return 0' statements bypass the err: label cleanup that
calls SSL_SESSION_free(sess). When tls_decrypt_ticket() allocates an
SSL_SESSION but the decrypt_ticket_cb returns ABORT, the session is
leaked. Replace 'return 0' with 'goto err' so the existing cleanup
handles it.

ssl/statem/extensions_srvr.c

diff | blob | blame | history

Mirror of https://github.com/openssl/openssl.git

RSS Atom