From b3c02473f7a22b19cbf86d5012d05a9d6a2c5f4d Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Thu, 30 Apr 2015 14:51:10 +0100
Subject: [PATCH] Fix memory leaks in BIO_dup_chain()

This fixes a memory leak that can occur whilst duplicating a BIO chain if
the call to CRYPTO_dup_ex_data() fails. It also fixes a second memory leak
where if a failure occurs after successfully creating the first BIO in the
chain, then the beginning of the new chain was not freed.

With thanks to the Open Crypto Audit Project for reporting this issue.

Reviewed-by: Stephen Henson <steve@openssl.org>

Conflicts:
	crypto/bio/bio_lib.c
---
 crypto/bio/bio_lib.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c
index 5267010cb..07934f8a6 100644
--- a/crypto/bio/bio_lib.c
+++ b/crypto/bio/bio_lib.c
@@ -536,8 +536,10 @@ BIO *BIO_dup_chain(BIO *in)
 
         /* copy app data */
         if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new_bio->ex_data,
-                                &bio->ex_data))
+                                &bio->ex_data)) {
+            BIO_free(new_bio);
             goto err;
+        }
 
         if (ret == NULL) {
             eoc = new_bio;
@@ -549,8 +551,8 @@ BIO *BIO_dup_chain(BIO *in)
     }
     return (ret);
  err:
-    if (ret != NULL)
-        BIO_free(ret);
+    BIO_free_all(ret);
+
     return (NULL);
 }