From 943d395952de253045ea73d7602b2f0dfc1ea2bf Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Tue, 3 Jan 2017 14:37:18 +0100
Subject: status_request: eliminated leak on error path

Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=269
Signed-off-by: Nikos Mavrogiannopoulos
---
 lib/ext/status_request.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)
(limited to 'lib')
diff --git a/lib/ext/status_request.c b/lib/ext/status_request.c
index 5b9a71d898..f5a46dca23 100644
--- a/lib/ext/status_request.c
+++ b/lib/ext/status_request.c
@@ -689,18 +689,23 @@ int _gnutls_recv_server_certificate_status(gnutls_session_t session)
 data_size = buf.length;
 /* minimum message is type (1) + response (3) + data */
- if (data_size == 0)
- return 0;
- else if (data_size < 4)
- return
+ if (data_size == 0) {
+ ret = 0;
+ goto error;
+ } else if (data_size < 4) {
+ ret = gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+ goto error;
+ }
 if (data[0] != 0x01) {
 gnutls_assert();
 _gnutls_handshake_log("EXT[%p]: unknown status_type %d\n", session, data[0]);
- return 0;
+ ret = 0;
+ goto error;
 }
+
 DECR_LENGTH_COM(data_size, 1, ret = GNUTLS_E_UNEXPECTED_PACKET_LENGTH; goto error);
-- 
cgit v1.2.1
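Review bot: The two benign exits in this hunk (`data_size == 0` and the unknown `status_type` branch) now set `ret = 0` and jump to a label named `error`, which reads as a failure path although the function still reports success. A one-line comment at each, such as `/* not a failure: message is ignored, but buf must still be released via the common exit */`, would keep a later edit from turning them back into a bare `return 0;` and reintroducing the leak. The `error:` label and the code that fills `buf` lie outside the hunk, so that the label actually frees `buf` is inferred from the commit subject rather than visible here. The diffstat lists only `lib/ext/status_request.c`, so the oss-fuzz reproducer is presumably not added as a regression input; worth confirming that it is kept somewhere the test suite runs.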