ASN.1 BIO: properly wire up prefix_free and suffix_free

If something goes wrong before the ASN.1 BIO state machine has passed
both flushing states, asn1_bio_free() forgets to free the ndef_aux
and the ex_arg since the prefix_free() and suffix_free callbacks are
not called.

This can lead to leaks, notably in streaming bios.

Part of https://github.com/openssl/openssl/pull/15999
I have a regress covering this but it is not yet ready to land.

ok beck jsing

1 files changed, 7 insertions, 1 deletions

diff --git a/lib/libcrypto/asn1/bio_asn1.c b/lib/libcrypto/asn1/bio_asn1.c
index 05bc1f7ad38..21f33ecfc90 100644
--- a/lib/libcrypto/asn1/bio_asn1.c
+++ b/lib/libcrypto/asn1/bio_asn1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bio_asn1.c,v 1.18 2023/03/04 11:58:29 tb Exp $ */
+/* $OpenBSD: bio_asn1.c,v 1.19 2023/03/10 11:55:38 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
@@ -177,6 +177,12 @@ asn1_bio_free(BIO *b)
 	ctx = (BIO_ASN1_BUF_CTX *) b->ptr;
 	if (ctx == NULL)
 		return 0;
+
+	if (ctx->prefix_free != NULL)
+		ctx->prefix_free(b, &ctx->ex_buf, &ctx->ex_len, &ctx->ex_arg);
+	if (ctx->suffix_free != NULL)
+		ctx->suffix_free(b, &ctx->ex_buf, &ctx->ex_len, &ctx->ex_arg);
+
 	free(ctx->buf);
 	free(ctx);
 	b->init = 0;