Commit 3b93479f authored by Matt Caswell's avatar Matt Caswell
Browse files

Ensure that memory allocated for the ticket is freed 



If a call to EVP_DecryptUpdate fails then a memory leak could occur.
Ensure that the memory is freed appropriately.

Issue reported by Guido Vranken.

Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
parent e78dc7e2

ssl/t1_lib.c

+3 −1
Original line number Diff line number Diff line
@@ -3415,8 +3415,10 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, 
    p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx);

    eticklen -= 16 + EVP_CIPHER_CTX_iv_length(&ctx);

    sdec = OPENSSL_malloc(eticklen);

    if (!sdec || EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen) <= 0) {

    if (sdec == NULL

            || EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen) <= 0) {

        EVP_CIPHER_CTX_cleanup(&ctx);

        OPENSSL_free(sdec);

        return -1;

    }

    if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0) {