Ensure that memory allocated for the ticket is freed

If a call to EVP_DecryptUpdate fails then a memory leak could occur.
Ensure that the memory is freed appropriately.

Issue reported by Guido Vranken.

Reviewed-by: Richard Levitte <levitte@openssl.org>
This commit is contained in:
Matt Caswell 2016-03-15 11:38:56 +00:00
parent ffe9150b15
commit d1247df266

View File

@ -3162,6 +3162,7 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
if (sdec == NULL
|| EVP_DecryptUpdate(ctx, sdec, &slen, p, eticklen) <= 0) {
EVP_CIPHER_CTX_free(ctx);
OPENSSL_free(sdec);
return -1;
}
if (EVP_DecryptFinal(ctx, sdec + slen, &mlen) <= 0) {