Fix a DTLS memory leak

Fixes #7428

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7431)

(cherry picked from commit 01666a8c1db3ecfb999e1a8f2c5436d114f95681)

diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index ac5fd09134ffe96657ace45414ef66c81ab87008..7d0e9d0ba8756466a562a2c14489adfc442ee9f3 100644 (file)
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1519,8 +1519,10 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
              * So check cookie length...
              */
             if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) {
-                if (clienthello->dtls_cookie_len == 0)
+                if (clienthello->dtls_cookie_len == 0) {
+                    OPENSSL_free(clienthello);
                     return MSG_PROCESS_FINISHED_READING;
+                }
             }
         }