From: Bernd Edlinger
Date: Wed, 15 Nov 2023 18:46:17 +0000 (+0100)
Subject: Fix a possible memory leak in dane_tlsa_add
X-Git-Tag: openssl-3.3.0-alpha1~603
X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=e4a94bcc77f3fda0f185e62a73a66d9b9b9388f5

Fix a possible memory leak in dane_tlsa_add

Several error cases leak either the X509 object or the pkey or the danetls_record object.

Reviewed-by: Hugo Landau
Reviewed-by: Matthias St. Pierre
Reviewed-by: Richard Levitte
(Merged from https://github.com/openssl/openssl/pull/22743)
---

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 5314e1ec0d..70d3b17c19 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -327,11 +327,13 @@ static int dane_tlsa_add(SSL_DANE *dane,
 case DANETLS_SELECTOR_CERT:
 if (!d2i_X509(&cert, &p, ilen) || p < data || dlen != (size_t)(p - data)) {
+ X509_free(cert);
 tlsa_free(t);
 ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_CERTIFICATE);
 return 0;
 }
 if (X509_get0_pubkey(cert) == NULL) {
+ X509_free(cert);
 tlsa_free(t);
 ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_CERTIFICATE);
 return 0;
@@ -339,6 +341,7 @@ static int dane_tlsa_add(SSL_DANE *dane,
 if ((DANETLS_USAGE_BIT(usage) & DANETLS_TA_MASK) == 0) {
 X509_free(cert);
+ tlsa_free(t);
 break;
 }
@@ -362,6 +365,7 @@ static int dane_tlsa_add(SSL_DANE *dane,
 case DANETLS_SELECTOR_SPKI:
 if (!d2i_PUBKEY(&pkey, &p, ilen) || p < data || dlen != (size_t)(p - data)) {
+ EVP_PKEY_free(pkey);
 tlsa_free(t);
 ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_PUBLIC_KEY);
 return 0;
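Review bot: In the second hunk (`@@ -339,6 +341,7 @@`) the added `tlsa_free(t);` is placed before `break;` rather than before a `return 0;`, so unlike the additions in the first and third hunks it executes on a non-error path (no ERR_raise) that leaves the switch and continues inside dane_tlsa_add, whose body starts and ends outside these hunks. If the code after the switch still stores `t` in the record list, as the sibling `tlsa_free(t); return 0;` failure paths suggest it does on success, this turns a leak into a use-after-free; if it does not, a valid full-certificate record with a non-trust-anchor usage is silently discarded instead of kept, and neither outcome matches the commit message's "error cases". Unless that branch is shown to be a final exit, the safe form is the pre-patch `X509_free(cert); break;` with the record left alive, and the reason for freeing it there should be stated in a comment on that line. A regression test that adds a selector-0, matching-type-0 record with a usage outside DANETLS_TA_MASK under AddressSanitizer would distinguish the two outcomes. The `X509_free(cert)` and `EVP_PKEY_free(pkey)` additions on the d2i failure paths look right, since both tolerate a NULL argument when the decode itself failed and free the object when only the trailing-length checks failed.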