Fix error handling in CRYPTO_get_ex_new_index

If an out of memory error happens when the index zero is reserved in a newly created ip->meth stack object, that reservation is not done in a second attempt, which makes various X_set_ex_data overwrite the value of X_set_app_data. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from #22149)
openssl · Sep 21, 2023 · d4f22a9 · d4f22a9
1 parent 8c040c0
commit d4f22a9
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/crypto/ex_data.c b/crypto/ex_data.c
@@ -171,6 +171,8 @@ int ossl_crypto_get_ex_new_index_ex(OSSL_LIB_CTX *ctx, int class_index,
          * "app_data" routines use ex_data index zero.  See RT 3710. */
         if (ip->meth == NULL
             || !sk_EX_CALLBACK_push(ip->meth, NULL)) {
+            sk_EX_CALLBACK_free(ip->meth);
+            ip->meth = NULL;
             ERR_raise(ERR_LIB_CRYPTO, ERR_R_CRYPTO_LIB);
             goto err;
         }