Fix leak in TlsClient object.

sckClientOpen() is the most likely part of this code to error so move it up above SSL session creation to reduce the chance of a leak.
2025-09-16 09:06:18 +02:00 · 2020-05-06 18:17:50 -04:00
parent e677929802
commit 28967951ab
1 changed files with 6 additions and 3 deletions
--- a/src/common/io/tls/client.c
+++ b/src/common/io/tls/client.c
@@ -281,7 +281,11 @@ tlsClientOpen(TlsClient *this)

            TRY_BEGIN()
            {
-                // Create internal TLS session
+                // Open the socket session first since this is mostly likely to fail
+                SocketSession *socketSession = sckClientOpen(this->socketClient);
+
+                // Create internal TLS session. If there is a failure before the TlsSession object is created there may be a leak
+                // of the TLS session but this is likely to result in program termination so it doesn't seem worth coding for.
                cryptoError((session = SSL_new(this->context)) == NULL, "unable to create TLS session");

                // Set server host name used for validation
@@ -290,11 +294,10 @@ tlsClientOpen(TlsClient *this)
                    "unable to set TLS host name");

                // Create the TLS session
-                result = tlsSessionNew(session, sckClientOpen(this->socketClient), this->timeout);
+                result = tlsSessionNew(session, socketSession, this->timeout);
            }
            CATCH_ANY()
            {
-                tlsSessionFree(result);
                result = NULL;

                // Retry if wait time has not expired