commit 8af663956519f7302284c0c36b413c0495986e14
author David Benjamin <davidben@chromium.org> Tue Jul 01 17:59:34 2014 -0400
committer Adam Langley <agl@google.com> Wed Jul 02 22:55:24 2014 +0000
tree 908e8b98c8728f33b08308b4ca7f6153d6b85c04
parent 197b3abaa8e1a1954a5bf16edacf49305b1bada1

Fix leak in ssl_parse_clienthello_use_srtp_ext.

If parsing the MKI value fails, clnt is never freed.

Change-Id: Ic85edf0d6efc54ca0828f333bc389c0dbf58f491
Reviewed-on: https://boringssl-review.googlesource.com/1072
Reviewed-by: Adam Langley <agl@google.com>

ssl/d1_srtp.c

diff --git a/ssl/d1_srtp.c b/ssl/d1_srtp.c
index fb5d1e7..bcbae1a 100644
--- a/ssl/d1_srtp.c
+++ b/ssl/d1_srtp.c
@@ -313,15 +313,15 @@
         int mki_len;
 	int i,j;
 	int id;
-	int ret;
+	int ret = 1;
 
          /* Length value + the MKI length */
         if(len < 3)
 		{            
 		OPENSSL_PUT_ERROR(SSL, ssl_parse_clienthello_use_srtp_ext, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
 		*al=SSL_AD_DECODE_ERROR;
-		return 1;
-                }
+		goto done;
+		}
 
         /* Pull off the length of the cipher suite list */
         n2s(d, ct);
@@ -332,7 +332,7 @@
 		{
 		OPENSSL_PUT_ERROR(SSL, ssl_parse_clienthello_use_srtp_ext, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
 		*al=SSL_AD_DECODE_ERROR;
-		return 1;
+		goto done;
 		}
         
         /* Check that lengths are consistent */
@@ -340,7 +340,7 @@
 		{
 		OPENSSL_PUT_ERROR(SSL, ssl_parse_clienthello_use_srtp_ext, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
 		*al=SSL_AD_DECODE_ERROR;
-		return 1;
+		goto done;
 		}
 
         
@@ -370,7 +370,7 @@
 		{
 		OPENSSL_PUT_ERROR(SSL, ssl_parse_clienthello_use_srtp_ext, SSL_R_BAD_SRTP_MKI_VALUE);
 		*al=SSL_AD_DECODE_ERROR;
-		return 1;
+		goto done;
 		}
 
 	srvr=SSL_get_srtp_profiles(s);