Fix a leak in an error path in OSSL_DECODER_CTX_new_for_pkey()

Found via the reproducible error injection in #21668 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from #21723)
openssl · Aug 15, 2023 · 3d254b3 · 3d254b3
1 parent 643f542
commit 3d254b3
Showing 1 changed file with 8 additions and 2 deletions.
diff --git a/crypto/encode_decode/decoder_pkey.c b/crypto/encode_decode/decoder_pkey.c
@@ -835,12 +835,18 @@ OSSL_DECODER_CTX_new_for_pkey(EVP_PKEY **pkey,
         newcache->template = ctx;
 
         if (!CRYPTO_THREAD_write_lock(cache->lock)) {
+            ctx = NULL;
             ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_CRYPTO_LIB);
-            return NULL;
+            goto err;
         }
         res = lh_DECODER_CACHE_ENTRY_retrieve(cache->hashtable, &cacheent);
         if (res == NULL) {
-            lh_DECODER_CACHE_ENTRY_insert(cache->hashtable, newcache);
+            (void)lh_DECODER_CACHE_ENTRY_insert(cache->hashtable, newcache);
+            if (lh_DECODER_CACHE_ENTRY_error(cache->hashtable)) {
+                ctx = NULL;
+                ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_CRYPTO_LIB);
+                goto err;
+            }
         } else {
             /*
              * We raced with another thread to construct this and lost. Free