openssl: fix resource leak in provider error path

Pointed out by ZeroPath

Closes #19111
Daniel Stenberg 2025-10-18 00:01:26 +02:00
parent 3087511b0f
commit b9b8a7a5df
GPG key ID: 5CC908FDB71E12C2


@ -1473,6 +1473,8 @@ static int providerload(struct Curl_easy *data,
OSSL_STORE_CTX *store =
OSSL_STORE_open_ex(cert_file, data->state.libctx,
NULL, NULL, NULL, NULL, NULL, NULL);
int rc;
if(!store) {
failf(data, "Failed to open OpenSSL store: %s",
ossl_strerror(ERR_get_error(), error_buffer,
@ -1501,13 +1503,15 @@ static int providerload(struct Curl_easy *data,
return 0;
}
if(SSL_CTX_use_certificate(ctx, cert) != 1) {
rc = SSL_CTX_use_certificate(ctx, cert);
X509_free(cert); /* we do not need the handle any more... */
if(rc != 1) {
failf(data, "unable to set client certificate [%s]",
ossl_strerror(ERR_get_error(), error_buffer,
sizeof(error_buffer)));
return 0;
}
X509_free(cert); /* we do not need the handle any more... */
}
else {
failf(data, "crypto provider not set, cannot load certificate");
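Review bot: The comment on the moved `X509_free(cert)` call in the second hunk still reads as if the handle were simply finished with, but the call now runs before the `rc` check, so it runs on both the success and the failure path. It would help to say why that is safe, for example `/* drop our reference on success and failure alike; SSL_CTX_use_certificate() takes its own on success */`. The `ERR_get_error()` read in the failure branch now happens after the free. That looks fine as long as X509_free() leaves the error queue untouched, which is worth confirming so the reported reason stays the one from the failed call. providerload() starts before and continues after the visible hunks, so the other early returns were not reviewed here.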