ASN.1 BIO: properly wire up prefix_free and suffix_free

If something goes wrong before the ASN.1 BIO state machine has passed
both flushing states, asn1_bio_free() forgets to free the ndef_aux
and the ex_arg since the prefix_free() and suffix_free callbacks are
not called.

This can lead to leaks, notably in streaming bios.

Part of https://github.com/openssl/openssl/pull/15999
I have a regress covering this but it is not yet ready to land.

ok beck jsing

1 files changed, 7 insertions, 1 deletions

diff --git a/src/lib/libcrypto/asn1/bio_asn1.c b/src/lib/libcrypto/asn1/bio_asn1.c
index 05bc1f7ad3..21f33ecfc9 100644
--- a/src/lib/libcrypto/asn1/bio_asn1.c
+++ b/src/lib/libcrypto/asn1/bio_asn1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bio_asn1.c,v 1.18 2023/03/04 11:58:29 tb Exp $ */
+/* $OpenBSD: bio_asn1.c,v 1.19 2023/03/10 11:55:38 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
@@ -177,6 +177,12 @@ asn1_bio_free(BIO *b)
         ctx = (BIO_ASN1_BUF_CTX *) b->ptr;
         if (ctx == NULL)
                 return 0;
+
+        if (ctx->prefix_free != NULL)
+                ctx->prefix_free(b, &ctx->ex_buf, &ctx->ex_len, &ctx->ex_arg);
+        if (ctx->suffix_free != NULL)
+                ctx->suffix_free(b, &ctx->ex_buf, &ctx->ex_len, &ctx->ex_arg);
+
         free(ctx->buf);
         free(ctx);
         b->init = 0;