Fix possible memory leak on error
author Todd Short <todd.short@me.com>
Thu, 16 Feb 2023 15:56:29 +0000 (10:56 -0500)
committer Todd Short <todd.short@me.com>
Mon, 20 Feb 2023 14:34:56 +0000 (09:34 -0500)
The two places that call `ossl_ssl_init()` assume that no additional
memory has been allocated when this fails; they subsequently free
the QUIC_CONNECTION/SSL_CONNECTION via OPENSSL_free() without freeing
any other resources.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20316)

ssl/ssl_lib.c

index 25497985988a06b456d1f4620a1caa7bbef334b5..44ba62ffde2135999371345057b3c9bdbfbae4c9 100644 (file)
@@ -712,14 +712,17 @@ int ossl_ssl_init(SSL *ssl, SSL_CTX *ctx, const SSL_METHOD *method, int type)
     if (ssl->lock == NULL)
         return 0;
 
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, ssl, &ssl->ex_data)) {
+        CRYPTO_THREAD_lock_free(ssl->lock);
+        ssl->lock = NULL;
+        return 0;
+    }
+
     SSL_CTX_up_ref(ctx);
     ssl->ctx = ctx;
 
     ssl->defltmeth = ssl->method = method;
 
-    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, ssl, &ssl->ex_data))
-        return 0;
-
     return 1;
 }
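
Review bot: The return value of `SSL_CTX_up_ref(ctx)`, which now sits directly after the new `CRYPTO_new_ex_data()` block, is still ignored. `SSL_CTX_up_ref()` returns an int, so a failure there would leave `ssl->ctx` pointing at a context without a reference held while the function still returns 1. Consider checking it and, on failure, unwinding both earlier steps before returning 0: `CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, ssl, &ssl->ex_data)` followed by the same `CRYPTO_THREAD_lock_free(ssl->lock); ssl->lock = NULL;` pair used in the new error path. Since the commit message says both callers release the object with only `OPENSSL_free()` after a failure, a short comment above the function stating that it leaves nothing allocated on a 0 return would keep later additions to this function from reintroducing the leak.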