Commit b0912c27fd for openssl.org
commit b0912c27fd865751e4c2a940a4523e3738d2ef42
Author: huanghuihui0904 <625173@qq.com>
Date: Mon Mar 16 14:46:20 2026 +0800
ssl/quic/quic_port.c: fix leak in port_make_channel()
Free pre-existing ch->qlog_title before OPENSSL_strdup to avoid
leaking the value allocated in ossl_quic_channel_alloc(). Use
ossl_quic_channel_free() on strdup failure to ensure proper cleanup.
Solves https://github.com/openssl/openssl/issues/30440
Fixes #30440
Signed-off-by: huanghuihui0904 <625173@qq.com>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Saša NedvÄ›dický <sashan@openssl.org>
MergeDate: Mon Apr 27 07:21:11 2026
(Merged from https://github.com/openssl/openssl/pull/30441)
diff --git a/ssl/quic/quic_port.c b/ssl/quic/quic_port.c
index e9af8b21b2..d4f40a9561 100644
--- a/ssl/quic/quic_port.c
+++ b/ssl/quic/quic_port.c
@@ -610,8 +610,9 @@ static QUIC_CHANNEL *port_make_channel(QUIC_PORT *port, SSL *tls, OSSL_QRX *qrx,
*/
ch->use_qlog = 1;
if (ch->tls != NULL && ch->tls->ctx->qlog_title != NULL) {
+ OPENSSL_free(ch->qlog_title);
if ((ch->qlog_title = OPENSSL_strdup(ch->tls->ctx->qlog_title)) == NULL) {
- OPENSSL_free(ch);
+ ossl_quic_channel_free(ch);
return NULL;
}
}