tls_decrypt_ticket(): memory leak and uncleaned EVP_CIPHER_CTX upon error.

2 files changed, 8 insertions, 2 deletions

diff --git a/src/lib/libssl/src/ssl/t1_lib.c b/src/lib/libssl/src/ssl/t1_lib.c
index 0ea9ce752d..99298c1791 100644
--- a/src/lib/libssl/src/ssl/t1_lib.c
+++ b/src/lib/libssl/src/ssl/t1_lib.c
@@ -2133,8 +2133,11 @@ tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
                 return -1;
         }
         EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen);
-        if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0)
+        if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0) {
+                free(sdec);
+                EVP_CIPHER_CTX_cleanup(&ctx);
                 return 2;
+        }
         slen += mlen;
         EVP_CIPHER_CTX_cleanup(&ctx);
         p = sdec;
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index 0ea9ce752d..99298c1791 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -2133,8 +2133,11 @@ tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
                 return -1;
         }
         EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen);
-        if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0)
+        if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0) {
+                free(sdec);
+                EVP_CIPHER_CTX_cleanup(&ctx);
                 return 2;
+        }
         slen += mlen;
         EVP_CIPHER_CTX_cleanup(&ctx);
         p = sdec;