Fix memory leak on realloc error.

Backport leak fix from master branch.

Thanks to Shi Lei (Gear Team, Qihoo 360 Inc.) for reporting this bug.

Reviewed-by: Rich Salz <rsalz@openssl.org>

diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index 82022470bfd7752cb08b4daa075361f0fc5a58b3..f679801a297c8f35073c93aca8a93a4573cd89e0 100644 (file)
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -912,6 +912,8 @@ static int serverinfo_process_buffer(const unsigned char *serverinfo,
 int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo,
                            size_t serverinfo_length)
 {
+    unsigned char *new_serverinfo;
+
     if (ctx == NULL || serverinfo == NULL || serverinfo_length == 0) {
         SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO, ERR_R_PASSED_NULL_PARAMETER);
         return 0;
@@ -928,12 +930,13 @@ int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo,
         SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO, ERR_R_INTERNAL_ERROR);
         return 0;
     }
-    ctx->cert->key->serverinfo = OPENSSL_realloc(ctx->cert->key->serverinfo,
-                                                 serverinfo_length);
-    if (ctx->cert->key->serverinfo == NULL) {
+    new_serverinfo = OPENSSL_realloc(ctx->cert->key->serverinfo,
+                                     serverinfo_length);
+    if (new_serverinfo == NULL) {
         SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO, ERR_R_MALLOC_FAILURE);
         return 0;
     }
+    ctx->cert->key->serverinfo = new_serverinfo;
     memcpy(ctx->cert->key->serverinfo, serverinfo, serverinfo_length);
     ctx->cert->key->serverinfo_length = serverinfo_length;