Fix leak in ssl_parse_clienthello_use_srtp_ext.
If parsing the MKI value fails, clnt is never freed.
Change-Id: Ic85edf0d6efc54ca0828f333bc389c0dbf58f491
Reviewed-on: https://boringssl-review.googlesource.com/1072
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/d1_srtp.c b/ssl/d1_srtp.c
index fb5d1e7..bcbae1a 100644
--- a/ssl/d1_srtp.c
+++ b/ssl/d1_srtp.c
@@ -313,15 +313,15 @@
int mki_len;
int i,j;
int id;
- int ret;
+ int ret = 1;
/* Length value + the MKI length */
if(len < 3)
{
OPENSSL_PUT_ERROR(SSL, ssl_parse_clienthello_use_srtp_ext, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
*al=SSL_AD_DECODE_ERROR;
- return 1;
- }
+ goto done;
+ }
/* Pull off the length of the cipher suite list */
n2s(d, ct);
@@ -332,7 +332,7 @@
{
OPENSSL_PUT_ERROR(SSL, ssl_parse_clienthello_use_srtp_ext, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
*al=SSL_AD_DECODE_ERROR;
- return 1;
+ goto done;
}
/* Check that lengths are consistent */
@@ -340,7 +340,7 @@
{
OPENSSL_PUT_ERROR(SSL, ssl_parse_clienthello_use_srtp_ext, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
*al=SSL_AD_DECODE_ERROR;
- return 1;
+ goto done;
}
@@ -370,7 +370,7 @@
{
OPENSSL_PUT_ERROR(SSL, ssl_parse_clienthello_use_srtp_ext, SSL_R_BAD_SRTP_MKI_VALUE);
*al=SSL_AD_DECODE_ERROR;
- return 1;
+ goto done;
}
srvr=SSL_get_srtp_profiles(s);