From 38f59bd1f1da9f5ef67044b35af26528e5b183dd Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Fri, 9 Sep 2016 10:53:39 +0100
Subject: [PATCH] Fix a mem leak in NPN handling

If a server sent multiple NPN extensions in a single ClientHello then a
mem leak can occur. This will only happen where the client has requested
NPN in the first place. It does not occur during renegotiation. Therefore
the maximum that could be leaked in a single connection with a malicious
server is 64k (the maximum size of the ServerHello extensions section). As
this is client side, only occurs if NPN has been requested and does not
occur during renegotiation this is unlikely to be exploitable.

Issue reported by Shi Lei.

Reviewed-by: Rich Salz <rsalz@openssl.org>
---
 ssl/t1_lib.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index e4b4e27dd7..7831046b92 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2722,6 +2722,11 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p,
                 *al = TLS1_AD_INTERNAL_ERROR;
                 return 0;
             }
+            /*
+             * Could be non-NULL if server has sent multiple NPN extensions in
+             * a single Serverhello
+             */
+            OPENSSL_free(s->next_proto_negotiated);
             s->next_proto_negotiated = OPENSSL_malloc(selected_len);
             if (!s->next_proto_negotiated) {
                 *al = TLS1_AD_INTERNAL_ERROR;
-- 
2.25.1