]> git.ipfire.org Git - thirdparty/openssl.git/commitdiff
projects / thirdparty / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f1a95ba)
ssl/statem/statem_dtls.c: fix leak in dtls1_buffer_message()
authorhuanghuihui0904 <625173@qq.com>
Mon, 16 Mar 2026 07:16:21 +0000 (15:16 +0800)
committerEugene Syromiatnikov <esyr@openssl.org>
Sat, 21 Mar 2026 23:14:35 +0000 (00:14 +0100)
pqueue_insert() may fail, but its return value was not checked. This could leak the allocated pitem and handshake fragment. Free them when insertion fails, using pitem_free() for proper cleanup.

Solves https://github.com/openssl/openssl/issues/30442

Fixes #30442

Signed-off-by: huanghuihui0904 <625173@qq.com>
Reviewed-by: Matt Caswell <matt@openssl.foundation>
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
MergeDate: Sat Mar 21 23:14:42 2026
(Merged from https://github.com/openssl/openssl/pull/30443)

ssl/statem/statem_dtls.c patch | blob | blame | history

diff --git a/ssl/statem/statem_dtls.c b/ssl/statem/statem_dtls.c
index 4052ef6219b8bba77d5ba96d8597501f2dd0b11a..67c92b8f73b78867f70d7c574da8a78d63bd431c 100644 (file)
--- a/ssl/statem/statem_dtls.c
+++ b/ssl/statem/statem_dtls.c
@@ -1177,7 +1177,11 @@ int dtls1_buffer_message(SSL_CONNECTION *s, int is_ccs)
         return 0;
     }
 
-    pqueue_insert(s->d1->sent_messages, item);
+    if (pqueue_insert(s->d1->sent_messages, item) == NULL) {
+        dtls1_hm_fragment_free(frag);
+        pitem_free(item);
+        return 0;
+    }
     return 1;
 }
 
Mirror of https://github.com/openssl/openssl.git