From d4f22a915ac50570015a23ad794032c4fb9496cb Mon Sep 17 00:00:00 2001 From: Bernd Edlinger Date: Tue, 19 Sep 2023 20:15:18 +0200 Subject: [PATCH] Fix error handling in CRYPTO_get_ex_new_index If an out of memory error happens when the index zero is reserved in a newly created ip->meth stack object, that reservation is not done in a second attempt, which makes various X_set_ex_data overwrite the value of X_set_app_data. Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/22149) --- crypto/ex_data.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/ex_data.c b/crypto/ex_data.c index c9ec9d3337..0412f38e9b 100644 --- a/crypto/ex_data.c +++ b/crypto/ex_data.c @@ -171,6 +171,8 @@ int ossl_crypto_get_ex_new_index_ex(OSSL_LIB_CTX *ctx, int class_index, * "app_data" routines use ex_data index zero. See RT 3710. */ if (ip->meth == NULL || !sk_EX_CALLBACK_push(ip->meth, NULL)) { + sk_EX_CALLBACK_free(ip->meth); + ip->meth = NULL; ERR_raise(ERR_LIB_CRYPTO, ERR_R_CRYPTO_LIB); goto err; }