From: Dr. Stephen Henson <steve@openssl.org>
Date: Wed, 14 Sep 2016 22:42:55 +0000 (+0100)
Subject: Fix memory leak on realloc error.
X-Git-Tag: OpenSSL_1_0_2i~25
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=d69247598991c61dfb68d4fe3b08346b02644812;p=openssl

Fix memory leak on realloc error.

Backport leak fix from master branch.

Thanks to Shi Lei (Gear Team, Qihoo 360 Inc.) for reporting this bug.

Reviewed-by: Rich Salz <rsalz@openssl.org>
---

diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index 82022470bf..f679801a29 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -912,6 +912,8 @@ static int serverinfo_process_buffer(const unsigned char *serverinfo,
 int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo,
                            size_t serverinfo_length)
 {
+    unsigned char *new_serverinfo;
+
     if (ctx == NULL || serverinfo == NULL || serverinfo_length == 0) {
         SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO, ERR_R_PASSED_NULL_PARAMETER);
         return 0;
@@ -928,12 +930,13 @@ int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo,
         SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO, ERR_R_INTERNAL_ERROR);
         return 0;
     }
-    ctx->cert->key->serverinfo = OPENSSL_realloc(ctx->cert->key->serverinfo,
-                                                 serverinfo_length);
-    if (ctx->cert->key->serverinfo == NULL) {
+    new_serverinfo = OPENSSL_realloc(ctx->cert->key->serverinfo,
+                                     serverinfo_length);
+    if (new_serverinfo == NULL) {
         SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO, ERR_R_MALLOC_FAILURE);
         return 0;
     }
+    ctx->cert->key->serverinfo = new_serverinfo;
     memcpy(ctx->cert->key->serverinfo, serverinfo, serverinfo_length);
     ctx->cert->key->serverinfo_length = serverinfo_length;