Fixed memory leak if BUF_MEM_grow fails

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>

diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index aef38bb75429817e8c2b2c018795f2c45330d882..0cdc51be23e63047fea2ebc5815ccef0e31c0c38 100644 (file)
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -251,6 +251,7 @@ int dtls1_accept(SSL *s)
                                        }
                                if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
                                        {
                                        }
                                if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
                                        {

+                                       BUF_MEM_free(buf);

                                        ret= -1;
                                        goto end;
                                        }
                                        ret= -1;
                                        goto end;
                                        }

diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c
index 08aa5b6cf0882366c014b47290177dcbf3393458..6e44e0cd64ef4ff2fbb26558830e730fef2cbd6d 100644 (file)
--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@@ -185,6 +185,7 @@ int ssl23_accept(SSL *s)
                                        }
                                if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
                                        {
                                        }
                                if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
                                        {

+                                       BUF_MEM_free(buf);

                                        ret= -1;
                                        goto end;
                                        }
                                        ret= -1;
                                        goto end;
                                        }