Fixes #20278: Fixed double free bug in crypto/http/http_client.c

CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20351)
author: Jeeban Sethi <jeeban@Jeebans-MacBook-Air.local> 2023-02-21 21:31:43 +0530
committer: Pauli <pauli@openssl.org> 2023-02-23 20:07:35 +1100
commit: 7fed5193d242938d9ac5a0c1cb32b22b33379a06 (patch)
tree: 662267d7addcc27abbc581da4f769f2f21f57653 /crypto
parent: 0c9646ec373e7f3f9b07f218a348ecb82219eaa7 (diff)
download: openssl-new-7fed5193d242938d9ac5a0c1cb32b22b33379a06.tar.gz
1 files changed, 8 insertions, 3 deletions
diff --git a/crypto/http/http_client.c b/crypto/http/http_client.c
index b955e5242d..ee0403eee1 100644
--- a/crypto/http/http_client.c
+++ b/crypto/http/http_client.c
@@ -1176,7 +1176,7 @@ BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *no_proxy,
     char *port;
     char *path;
     int use_ssl;
-    OSSL_HTTP_REQ_CTX *rctx;
+    OSSL_HTTP_REQ_CTX *rctx = NULL;
     BIO *resp = NULL;
     time_t max_time = timeout > 0 ? time(NULL) + timeout : 0;
 
@@ -1202,10 +1202,12 @@ BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *no_proxy,
                                         NULL /* req */,
                                         expected_ct, expect_asn1, max_resp_len,
                                         -1 /* use same max time (timeout) */,
-                                        0 /* no keep_alive */))
+                                        0 /* no keep_alive */)) {
                 OSSL_HTTP_REQ_CTX_free(rctx);
-            else
+                rctx = NULL;
+           } else {
                 resp = OSSL_HTTP_exchange(rctx, &redirection_url);
+           }
         }
         OPENSSL_free(path);
         if (resp == NULL && redirection_url != NULL) {
@@ -1220,6 +1222,7 @@ BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *no_proxy,
                         OPENSSL_free(host);
                         OPENSSL_free(port);
                         (void)OSSL_HTTP_close(rctx, 1);
+                        rctx = NULL;
                         BIO_free(resp);
                         OPENSSL_free(current_url);
                         return NULL;
@@ -1229,6 +1232,7 @@ BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *no_proxy,
                 OPENSSL_free(host);
                 OPENSSL_free(port);
                 (void)OSSL_HTTP_close(rctx, 1);
+                rctx = NULL;
                 continue;
             }
             /* if redirection not allowed, ignore it */
@@ -1238,6 +1242,7 @@ BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *no_proxy,
         OPENSSL_free(port);
         if (!OSSL_HTTP_close(rctx, resp != NULL)) {
             BIO_free(resp);
+            rctx = NULL;
             resp = NULL;
         }
         break;
author	Jeeban Sethi <jeeban@Jeebans-MacBook-Air.local>	2023-02-21 21:31:43 +0530
committer	Pauli <pauli@openssl.org>	2023-02-23 20:07:35 +1100
commit	7fed5193d242938d9ac5a0c1cb32b22b33379a06 (patch)
tree	662267d7addcc27abbc581da4f769f2f21f57653 /crypto
parent	0c9646ec373e7f3f9b07f218a348ecb82219eaa7 (diff)
download	openssl-new-7fed5193d242938d9ac5a0c1cb32b22b33379a06.tar.gz