From 7f6c46ac83686766baa89c1023c4866568f3ebc3 Mon Sep 17 00:00:00 2001 From: miod <> Date: Mon, 14 Jul 2014 08:21:47 +0000 Subject: Fix memory leak upon error in ssl_parse_clienthello_use_srtp_ext(). From BoringSSL. --- src/lib/libssl/d1_srtp.c | 12 ++++++------ src/lib/libssl/src/ssl/d1_srtp.c | 12 ++++++------ 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/src/lib/libssl/d1_srtp.c b/src/lib/libssl/d1_srtp.c index c39cb95f19..3492b7d1d0 100644 --- a/src/lib/libssl/d1_srtp.c +++ b/src/lib/libssl/d1_srtp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_srtp.c,v 1.7 2014/06/29 12:25:47 jsing Exp $ */ +/* $OpenBSD: d1_srtp.c,v 1.8 2014/07/14 08:21:47 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -299,14 +299,14 @@ ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len, int *al) int mki_len; int i, j; int id; - int ret; + int ret = 1; /* Length value + the MKI length */ if (len < 3) { SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); *al = SSL_AD_DECODE_ERROR; - return 1; + goto done; } /* Pull off the length of the cipher suite list */ @@ -318,7 +318,7 @@ ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len, int *al) SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); *al = SSL_AD_DECODE_ERROR; - return 1; + goto done; } /* Check that lengths are consistent */ @@ -326,7 +326,7 @@ ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len, int *al) SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); *al = SSL_AD_DECODE_ERROR; - return 1; + goto done; } @@ -354,7 +354,7 @@ ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len, int *al) SSL_R_BAD_SRTP_MKI_VALUE); *al = SSL_AD_DECODE_ERROR; sk_SRTP_PROTECTION_PROFILE_free(clnt); - return 1; + goto done; } srvr = SSL_get_srtp_profiles(s); diff --git a/src/lib/libssl/src/ssl/d1_srtp.c b/src/lib/libssl/src/ssl/d1_srtp.c index c39cb95f19..3492b7d1d0 100644 --- a/src/lib/libssl/src/ssl/d1_srtp.c +++ b/src/lib/libssl/src/ssl/d1_srtp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_srtp.c,v 1.7 2014/06/29 12:25:47 jsing Exp $ */ +/* $OpenBSD: d1_srtp.c,v 1.8 2014/07/14 08:21:47 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -299,14 +299,14 @@ ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len, int *al) int mki_len; int i, j; int id; - int ret; + int ret = 1; /* Length value + the MKI length */ if (len < 3) { SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); *al = SSL_AD_DECODE_ERROR; - return 1; + goto done; } /* Pull off the length of the cipher suite list */ @@ -318,7 +318,7 @@ ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len, int *al) SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); *al = SSL_AD_DECODE_ERROR; - return 1; + goto done; } /* Check that lengths are consistent */ @@ -326,7 +326,7 @@ ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len, int *al) SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); *al = SSL_AD_DECODE_ERROR; - return 1; + goto done; } @@ -354,7 +354,7 @@ ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len, int *al) SSL_R_BAD_SRTP_MKI_VALUE); *al = SSL_AD_DECODE_ERROR; sk_SRTP_PROTECTION_PROFILE_free(clnt); - return 1; + goto done; } srvr = SSL_get_srtp_profiles(s); -- cgit v1.2.3-55-g6feb