Commit 6000ce9245 for openssl.org
commit 6000ce924519ed48d6ee39f812cd212e24c6733e
Author: Alexandr Nedvedicky <sashan@openssl.org>
Date: Thu Apr 9 15:50:01 2026 +0200
quic_channel.c: fix potential memory leak on failure in ossl_quic_channel_alloc
Add missing OPENSSL_free() in error path.
Fixes: 35dc6c353bf "QUIC: Make more transport parameters configurable"
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.foundation>
MergeDate: Mon May 11 00:23:13 2026
(Merged from https://github.com/openssl/openssl/pull/30754)
diff --git a/ssl/quic/quic_channel.c b/ssl/quic/quic_channel.c
index fe819b4b2f..4c299a53e5 100644
--- a/ssl/quic/quic_channel.c
+++ b/ssl/quic/quic_channel.c
@@ -434,7 +434,7 @@ void ossl_quic_channel_bind_qrx(QUIC_CHANNEL *tserver_ch, OSSL_QRX *qrx)
QUIC_CHANNEL *ossl_quic_channel_alloc(const QUIC_CHANNEL_ARGS *args)
{
- QUIC_CHANNEL *ch = NULL;
+ QUIC_CHANNEL *ch;
if ((ch = OPENSSL_zalloc(sizeof(*ch))) == NULL)
return NULL;
@@ -450,10 +450,8 @@ QUIC_CHANNEL *ossl_quic_channel_alloc(const QUIC_CHANNEL_ARGS *args)
ch->use_qlog = args->use_qlog;
if (ch->use_qlog && args->qlog_title != NULL) {
- if ((ch->qlog_title = OPENSSL_strdup(args->qlog_title)) == NULL) {
- OPENSSL_free(ch);
- return NULL;
- }
+ if ((ch->qlog_title = OPENSSL_strdup(args->qlog_title)) == NULL)
+ goto err;
}
#endif
@@ -473,10 +471,18 @@ QUIC_CHANNEL *ossl_quic_channel_alloc(const QUIC_CHANNEL_ARGS *args)
if (!ossl_quic_rxfc_init(&ch->conn_rxfc, NULL,
ch->tx_init_max_data,
DEFAULT_CONN_RXFC_MAX_WND_MUL * ch->tx_init_max_data,
- get_time, ch))
- return NULL;
+ get_time, ch)) {
+ goto err;
+ }
return ch;
+
+err:
+#ifndef OPENSSL_NO_QLOG
+ OPENSSL_free(ch->qlog_title);
+#endif
+ OPENSSL_free(ch);
+ return NULL;
}
void ossl_quic_channel_free(QUIC_CHANNEL *ch)