Brotli: Don't leave errors behind if loading library failed.

If brolti support is dynamic then it is loaded at runtime and may fail if the library is not available. The library can be loaded even if the user did not ask for it, for instance via SSL_CTX_new_ex() -> ossl_comp_has_alg(). Leaving an error record can have other side effects if the user is poping the stack and notices and aborts due it. Use ERR_set_mark()/ ERR_pop_to_mark() to avoid leaving marks if library loading failed. Use ERR_clear_last_mark() if loading succeeded. Fixes: openssl#23558 Signed-off-by: Sebastian Andrzej Siewior <[email protected]>
sebastianas · Feb 15, 2024 · 3e3a068 · 3e3a068
1 parent 0969375
commit 3e3a068
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/crypto/comp/c_brotli.c b/crypto/comp/c_brotli.c
@@ -292,6 +292,7 @@ DEFINE_RUN_ONCE_STATIC(ossl_comp_brotli_init)
 #   define LIBBROTLIDEC "brotlidec"
 #  endif
 
+    ERR_set_mark();
     brotli_encode_dso = DSO_load(NULL, LIBBROTLIENC, NULL, 0);
     if (brotli_encode_dso != NULL) {
         p_encode_init = (encode_init_ft)DSO_bind_func(brotli_encode_dso, "BrotliEncoderCreateInstance");
@@ -319,8 +320,10 @@ DEFINE_RUN_ONCE_STATIC(ossl_comp_brotli_init)
             || p_decode_error == NULL || p_decode_error_string == NULL || p_decode_is_finished == NULL
             || p_decode_oneshot == NULL) {
         ossl_comp_brotli_cleanup();
+        ERR_pop_to_mark();
         return 0;
     }
+    ERR_clear_last_mark();
 # endif
     return 1;
 }