Merge pull request #490 from h2o/kazuho/evp_keyex_init-on-error
[evp_keyex_init] keep refcount unchanged when the function fails
diff --git a/lib/openssl.c b/lib/openssl.c
index 294fb60..a6abafe 100644
--- a/lib/openssl.c
+++ b/lib/openssl.c
@@ -608,6 +608,9 @@
return ret;
}
+/**
+ * Upon success, ownership of `pkey` is transferred to the object being created. Otherwise, the refcount remains unchanged.
+ */
static int evp_keyex_init(ptls_key_exchange_algorithm_t *algo, ptls_key_exchange_context_t **_ctx, EVP_PKEY *pkey)
{
struct st_evp_keyex_context_t *ctx = NULL;
@@ -630,8 +633,10 @@
*_ctx = &ctx->super;
ret = 0;
Exit:
- if (ret != 0 && ctx != NULL)
+ if (ret != 0 && ctx != NULL) {
+ ctx->privkey = NULL; /* do not decrement refcount of pkey in case of error */
evp_keyex_free(ctx);
+ }
return ret;
}
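Review bot: The error branch at `Exit:` now leaves the caller's reference to `pkey` intact, but no call site of `evp_keyex_init` is updated in this diff, so each caller needs checking to confirm it releases `pkey` itself on a non-zero return. A caller that still assumes the key is always consumed would leak the private key object on failure. A caller that already freed it on error was presumably the double free this change is meant to close. The fix also relies on `evp_keyex_free` tolerating `ctx->privkey == NULL`; that function is outside the hunk, so it is worth confirming it does nothing with the field beyond `EVP_PKEY_free`, which accepts NULL. I would widen the inline comment to state the contract at the point of use, e.g. `/* caller keeps its reference to pkey on failure and must free it */`. The body of `evp_keyex_init` between the two hunks is not visible here.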