From 45e856247bb4b4c0c347842906ca67bea378ad22 Mon Sep 17 00:00:00 2001
From: Amir Mohammadi <amiremohamadi@yahoo.com>
Date: Wed, 5 Jun 2024 22:26:19 +0330
Subject: [PATCH] Fix memory leak in quic_trace.c

Fixes #24340

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24568)

(cherry picked from commit 1977c00f00ad0546421a5ec0b40c1326aee4cddb)
---
 ssl/quic/quic_trace.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/ssl/quic/quic_trace.c b/ssl/quic/quic_trace.c
index 5a6d79bf4bb53..c2ffdac9733f4 100644
--- a/ssl/quic/quic_trace.c
+++ b/ssl/quic/quic_trace.c
@@ -79,20 +79,21 @@ static int frame_ack(BIO *bio, PACKET *pkt)
     OSSL_QUIC_ACK_RANGE *ack_ranges = NULL;
     uint64_t total_ranges = 0;
     uint64_t i;
+    int ret = 0;
 
     if (!ossl_quic_wire_peek_frame_ack_num_ranges(pkt, &total_ranges)
         /* In case sizeof(uint64_t) > sizeof(size_t) */
         || total_ranges > SIZE_MAX / sizeof(ack_ranges[0])
         || (ack_ranges = OPENSSL_zalloc(sizeof(ack_ranges[0])
                                         * (size_t)total_ranges)) == NULL)
-        return 0;
+        return ret;
 
     ack.ack_ranges = ack_ranges;
     ack.num_ack_ranges = (size_t)total_ranges;
 
     /* Ack delay exponent is 0, so we can get the raw delay time below */
     if (!ossl_quic_wire_decode_frame_ack(pkt, 0, &ack, NULL))
-        return 0;
+        goto end;
 
     BIO_printf(bio, "    Largest acked: %llu\n",
                (unsigned long long)ack.ack_ranges[0].end);
@@ -112,8 +113,10 @@ static int frame_ack(BIO *bio, PACKET *pkt)
                                         - ack.ack_ranges[i].start));
     }
 
+    ret = 1;
+end:
     OPENSSL_free(ack_ranges);
-    return 1;
+    return ret;
 }
 
 static int frame_reset_stream(BIO *bio, PACKET *pkt)