From: Matt Caswell <matt@openssl.org>
Date: Tue, 27 Jul 2021 15:31:20 +0000 (+0100)
Subject: Don't leak the OSSL_LIB_CTX in the event of a failure to load the FIPS module
X-Git-Tag: openssl-3.0.0-beta2~9
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=09f38299ccc006e0ce7e94897250e995ec2fc337;p=thirdparty%2Fopenssl.git

Don't leak the OSSL_LIB_CTX in the event of a failure to load the FIPS module

Ensure we free the OSSL_LIB_CTX on the error path.

Fixes #16163

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16168)
---

diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
index 4155b641974..b69299e0466 100644
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -712,6 +712,7 @@ int OSSL_provider_init_int(const OSSL_CORE_HANDLE *handle,
     return 1;
  err:
     fips_teardown(*provctx);
+    OSSL_LIB_CTX_free(libctx);
     *provctx = NULL;
     return 0;
 }