Fix ssl_ctx_make_profiles error handling.
It didn't clean up |profiles| on error or check for
sk_SRTP_PROTECTION_PROFILE_push failures.
Change-Id: I44d7f64896ad73347fbb0fc79752be4de70d3ab7
Reviewed-on: https://boringssl-review.googlesource.com/11323
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/d1_srtp.c b/ssl/d1_srtp.c
index 324bff7..1085377 100644
--- a/ssl/d1_srtp.c
+++ b/ssl/d1_srtp.c
@@ -160,27 +160,27 @@
static int ssl_ctx_make_profiles(const char *profiles_string,
STACK_OF(SRTP_PROTECTION_PROFILE) **out) {
- STACK_OF(SRTP_PROTECTION_PROFILE) *profiles;
-
- const char *col;
- const char *ptr = profiles_string;
-
- profiles = sk_SRTP_PROTECTION_PROFILE_new_null();
+ STACK_OF(SRTP_PROTECTION_PROFILE) *profiles =
+ sk_SRTP_PROTECTION_PROFILE_new_null();
if (profiles == NULL) {
OPENSSL_PUT_ERROR(SSL, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
return 0;
}
+ const char *col;
+ const char *ptr = profiles_string;
do {
- const SRTP_PROTECTION_PROFILE *p;
-
col = strchr(ptr, ':');
- if (find_profile_by_name(ptr, &p,
- col ? (size_t)(col - ptr) : strlen(ptr))) {
- sk_SRTP_PROTECTION_PROFILE_push(profiles, p);
- } else {
+
+ const SRTP_PROTECTION_PROFILE *profile;
+ if (!find_profile_by_name(ptr, &profile,
+ col ? (size_t)(col - ptr) : strlen(ptr))) {
OPENSSL_PUT_ERROR(SSL, SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE);
- return 0;
+ goto err;
+ }
+
+ if (!sk_SRTP_PROTECTION_PROFILE_push(profiles, profile)) {
+ goto err;
}
if (col) {
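Review bot: The new `goto err` taken when `sk_SRTP_PROTECTION_PROFILE_push` fails puts nothing on the error queue, whereas the two other failure paths in this function each call `OPENSSL_PUT_ERROR` first. Unless the stack helper already records an allocation error (not visible in this hunk), a caller that sees 0 here gets no reason for the rejected SRTP configuration. I would add `OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);` immediately before that `goto err;`. The `do` loop continues past the end of this hunk.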
@@ -190,8 +190,11 @@
sk_SRTP_PROTECTION_PROFILE_free(*out);
*out = profiles;
-
return 1;
+
+err:
+ sk_SRTP_PROTECTION_PROFILE_free(profiles);
+ return 0;
}
int SSL_CTX_set_srtp_profiles(SSL_CTX *ctx, const char *profiles) {
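Review bot: The ownership contract that the new `err:` path establishes is not written down anywhere in view, and it is worth stating above `ssl_ctx_make_profiles`, whose opening lines are outside this hunk. I would add `/* On success, frees the previous |*out| and replaces it with the parsed list. On failure, |*out| is left unchanged. */`. A short comment at `err:` could also say that only the stack container is freed, because the entries are `const SRTP_PROTECTION_PROFILE *` and presumably point at a static table. That would need confirming against `find_profile_by_name`.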