From 14ae88144521b9e3c22202c7967a19607fd91ff9 Mon Sep 17 00:00:00 2001
From: Timur Pocheptsov <timur.pocheptsov@qt.io>
Date: Tue, 26 Nov 2019 13:35:59 +0100
Subject: QSslSocket (OpenSSL) fix a resource leak
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Introduced by fe6e54fb1f5cda652b9489f740763f8d735621dd. The probability -> 0,
meaning malloc must fail to trigger it, but it is still a leak. We now use
std::unique_ptr which improves the code in general a bit and fixes a leak.

Change-Id: I6c0fa36953196d3235fb60354dc9ad2396d8dfcb
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
---
 src/network/ssl/qsslsocket_openssl.cpp | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

(limited to 'src')

diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index d4bad1b1a5..51510f1c60 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -93,6 +93,7 @@
 #endif
 
 #include <algorithm>
+#include <memory>
 
 #include <string.h>
 
@@ -1763,6 +1764,7 @@ QList<QSslError> QSslSocketBackendPrivate::verify(const QList<QSslCertificate> &
         errors << QSslError(QSslError::UnspecifiedError);
         return errors;
     }
+    const std::unique_ptr<X509_STORE, decltype(&q_X509_STORE_free)> storeGuard(certStore, q_X509_STORE_free);
 
     if (s_loadRootCertsOnDemand) {
         setDefaultCaCertificates(defaultCaCertificates() + systemCaCertificates());
@@ -1811,7 +1813,6 @@ QList<QSslError> QSslSocketBackendPrivate::verify(const QList<QSslCertificate> &
         intermediates = (STACK_OF(X509) *) q_OPENSSL_sk_new_null();
 
         if (!intermediates) {
-            q_X509_STORE_free(certStore);
             errors << QSslError(QSslError::UnspecifiedError);
             return errors;
         }
@@ -1829,14 +1830,12 @@ QList<QSslError> QSslSocketBackendPrivate::verify(const QList<QSslCertificate> &
 
     X509_STORE_CTX *storeContext = q_X509_STORE_CTX_new();
     if (!storeContext) {
-        q_X509_STORE_free(certStore);
         errors << QSslError(QSslError::UnspecifiedError);
         return errors;
     }
+    std::unique_ptr<X509_STORE_CTX, decltype(&q_X509_STORE_CTX_free)> ctxGuard(storeContext, q_X509_STORE_CTX_free);
 
     if (!q_X509_STORE_CTX_init(storeContext, certStore, reinterpret_cast<X509 *>(certificateChain[0].handle()), intermediates)) {
-        q_X509_STORE_CTX_free(storeContext);
-        q_X509_STORE_free(certStore);
         errors << QSslError(QSslError::UnspecifiedError);
         return errors;
     }
@@ -1845,8 +1844,7 @@ QList<QSslError> QSslSocketBackendPrivate::verify(const QList<QSslCertificate> &
     // We ignore the result of this function since we process errors via the
     // callback.
     (void) q_X509_verify_cert(storeContext);
-
-    q_X509_STORE_CTX_free(storeContext);
+    ctxGuard.reset();
     q_OPENSSL_sk_free((OPENSSL_STACK *)intermediates);
 
     // Now process the errors
@@ -1868,8 +1866,6 @@ QList<QSslError> QSslSocketBackendPrivate::verify(const QList<QSslCertificate> &
     for (const auto &error : qAsConst(lastErrors))
         errors << _q_OpenSSL_to_QSslError(error.code, certificateChain.value(error.depth));
 
-    q_X509_STORE_free(certStore);
-
     return errors;
 }
 
-- 
cgit v1.2.3