Fix memory leak in s2_srvr.c if BUF_MEM_grow fails
authorMatt Caswell <matt@openssl.org>
Fri, 12 Dec 2014 11:05:21 +0000 (11:05 +0000)
committerMatt Caswell <matt@openssl.org>
Sat, 13 Dec 2014 00:05:52 +0000 (00:05 +0000)
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit d04a1e0b5beb3329cdf8c4ec35b9113cbc41d2f2)

ssl/s2_srvr.c

index 2cba426bb7efdef03b0407faa44145c012a9dee8..59ced3f3052f36e3f00a353a17f20e90a1288401 100644 (file)
@@ -188,13 +188,21 @@ int ssl2_accept(SSL *s)
                        s->version=SSL2_VERSION;
                        s->type=SSL_ST_ACCEPT;
 
-                       buf=s->init_buf;
-                       if ((buf == NULL) && ((buf=BUF_MEM_new()) == NULL))
-                               { ret= -1; goto end; }
-                       if (!BUF_MEM_grow(buf,(int)
-                               SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
-                               { ret= -1; goto end; }
-                       s->init_buf=buf;
+                       if(s->init_buf == NULL)
+                               {
+                               if ((buf=BUF_MEM_new()) == NULL)
+                                       {
+                                       ret= -1;
+                                       goto end;
+                                       }
+                               if (!BUF_MEM_grow(buf,(int) SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
+                                       {
+                                       BUF_MEM_free(buf);
+                                       ret= -1;
+                                       goto end;
+                                       }
+                               s->init_buf=buf;
+                               }
                        s->init_num=0;
                        s->ctx->stats.sess_accept++;
                        s->handshake_func=ssl2_accept;