Fix memory leak on error.

Thanks to Shi Lei (Gear Team, Qihoo 360 Inc.) for reporting this bug.

Reviewed-by: Rich Salz <rsalz@openssl.org>

diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
index 35cc27c5e9855e02737d5f978dbbecc3f2814bed..499f0e85addf2e7dde1eee030a5678b61e391032 100644 (file)
--- a/ssl/ssl_asn1.c
+++ b/ssl/ssl_asn1.c
@@ -527,6 +527,9 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
         if (os.length > SSL_MAX_SID_CTX_LENGTH) {
             c.error = SSL_R_BAD_LENGTH;
             c.line = __LINE__;
+            OPENSSL_free(os.data);
+            os.data = NULL;
+            os.length = 0;
             goto err;
         } else {
             ret->sid_ctx_length = os.length;