Commit 41bff723 authored by Matt Caswell's avatar Matt Caswell
Browse files

Don't leak on an OPENSSL_realloc() failure 



If OPENSSL_sk_insert() calls OPENSSL_realloc() and it fails, it was leaking
the originally allocated memory.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
parent af58be76

crypto/stack/stack.c

+6 −10
Original line number Diff line number Diff line
@@ -126,6 +126,7 @@ int OPENSSL_sk_insert(OPENSSL_STACK *st, const void *data, int loc) 


    if (st->num_alloc <= (size_t)(st->num + 1)) {

        size_t doub_num_alloc = st->num_alloc * 2;

        const char **tmpdata;



        /* Overflow checks */

        if (doub_num_alloc < st->num_alloc)
@@ -135,17 +136,12 @@ int OPENSSL_sk_insert(OPENSSL_STACK *st, const void *data, int loc) 
        if (doub_num_alloc > SIZE_MAX / sizeof(char *))

            return 0;



        st->data = OPENSSL_realloc((char *)st->data,

        tmpdata = OPENSSL_realloc((char *)st->data,

                                  sizeof(char *) * doub_num_alloc);

        if (st->data == NULL) {

            /*

             * Reset these counters to prevent subsequent operations on

             * (now non-existing) heap memory

             */

            st->num_alloc = 0;

            st->num = 0;

        if (tmpdata == NULL)

            return 0;

        }



        st->data = tmpdata;

        st->num_alloc = doub_num_alloc;

    }

    if ((loc >= st->num) || (loc < 0)) {