From 3e3a068cc56cf2dbf9188f536d834418e32a9538 Mon Sep 17 00:00:00 2001
From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date: Tue, 13 Feb 2024 21:15:30 +0100
Subject: [PATCH] Brotli: Don't leave errors behind if loading library failed.

If brolti support is dynamic then it is loaded at runtime and may fail
if the library is not available. The library can be loaded even if the
user did not ask for it, for instance via SSL_CTX_new_ex() ->
ossl_comp_has_alg().
Leaving an error record can have other side effects if the user is
poping the stack and notices and aborts due it.

Use ERR_set_mark()/ ERR_pop_to_mark() to avoid leaving marks if library
loading failed. Use ERR_clear_last_mark() if loading succeeded.

Fixes: #23558
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
---
 crypto/comp/c_brotli.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/crypto/comp/c_brotli.c b/crypto/comp/c_brotli.c
index 07e1e76471c5d..28d8d4722ff92 100644
--- a/crypto/comp/c_brotli.c
+++ b/crypto/comp/c_brotli.c
@@ -292,6 +292,7 @@ DEFINE_RUN_ONCE_STATIC(ossl_comp_brotli_init)
 #   define LIBBROTLIDEC "brotlidec"
 #  endif
 
+    ERR_set_mark();
     brotli_encode_dso = DSO_load(NULL, LIBBROTLIENC, NULL, 0);
     if (brotli_encode_dso != NULL) {
         p_encode_init = (encode_init_ft)DSO_bind_func(brotli_encode_dso, "BrotliEncoderCreateInstance");
@@ -319,8 +320,10 @@ DEFINE_RUN_ONCE_STATIC(ossl_comp_brotli_init)
             || p_decode_error == NULL || p_decode_error_string == NULL || p_decode_is_finished == NULL
             || p_decode_oneshot == NULL) {
         ossl_comp_brotli_cleanup();
+        ERR_pop_to_mark();
         return 0;
     }
+    ERR_clear_last_mark();
 # endif
     return 1;
 }