From 44ed550ca5e0b6e9358fa1dc3fe19cf4014eb338 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Fri, 7 Mar 2025 11:01:12 +0000
Subject: _CONF_new_section: error check hash insertion

Don't leak v if its insertion into the hash failed and properly free it
instead.

ok jsing
---
 src/lib/libcrypto/conf/conf_api.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/lib/libcrypto/conf/conf_api.c b/src/lib/libcrypto/conf/conf_api.c
index 511f9d6470..5ed2a6332d 100644
--- a/src/lib/libcrypto/conf/conf_api.c
+++ b/src/lib/libcrypto/conf/conf_api.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: conf_api.c,v 1.24 2025/03/07 10:57:29 tb Exp $ */
+/* $OpenBSD: conf_api.c,v 1.25 2025/03/07 11:01:12 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -259,11 +259,15 @@ _CONF_new_section(CONF *conf, const char *section)
 
 	vv = lh_CONF_VALUE_insert(conf->data, v);
 	OPENSSL_assert(vv == NULL);
+	if (lh_CONF_VALUE_error(conf->data))
+		goto err;
 
 	return v;
 
  err:
 	sk_CONF_VALUE_free(sk);
+	if (v != NULL)
+		free(v->section);
 	free(v);
 
 	return NULL;
-- 
cgit v1.2.3-55-g6feb