ASN.1 BIO: properly wire up prefix_free and suffix_free

If something goes wrong before the ASN.1 BIO state machine has passed
both flushing states, asn1_bio_free() forgets to free the ndef_aux
and the ex_arg since the prefix_free() and suffix_free callbacks are
not called.

This can lead to leaks, notably in streaming bios.

Part of https://github.com/openssl/openssl/pull/15999
I have a regress covering this but it is not yet ready to land.

ok beck jsing

diff --git a/lib/libcrypto/asn1/bio_asn1.c b/lib/libcrypto/asn1/bio_asn1.c
index 05bc1f7..21f33ec 100644 (file)
--- a/lib/libcrypto/asn1/bio_asn1.c
+++ b/lib/libcrypto/asn1/bio_asn1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bio_asn1.c,v 1.18 2023/03/04 11:58:29 tb Exp $ */
+/* $OpenBSD: bio_asn1.c,v 1.19 2023/03/10 11:55:38 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
@@ -177,6 +177,12 @@ asn1_bio_free(BIO *b)
        ctx = (BIO_ASN1_BUF_CTX *) b->ptr;
        if (ctx == NULL)
                return 0;
+
+       if (ctx->prefix_free != NULL)
+               ctx->prefix_free(b, &ctx->ex_buf, &ctx->ex_len, &ctx->ex_arg);
+       if (ctx->suffix_free != NULL)
+               ctx->suffix_free(b, &ctx->ex_buf, &ctx->ex_len, &ctx->ex_arg);
+
        free(ctx->buf);
        free(ctx);
        b->init = 0;