From a461f9142e57a6bfe3d007a0a022e29c480393f0 Mon Sep 17 00:00:00 2001
From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date: Thu, 15 Feb 2024 18:01:31 +0100
Subject: [PATCH] Zlib: Don't leave errors behind if loading library failed.

If zlib support is dynamic then it is loaded at runtime and may fail
if the library is not available. The library can be loaded even if the
user did not ask for it, for instance via SSL_CTX_new_ex() ->
ossl_comp_has_alg().
Leaving an error record can have other side effects if the user is
poping the stack and notices and aborts due it.

Use ERR_set_mark()/ ERR_pop_to_mark() to avoid leaving marks if library
loading failed. Use ERR_clear_last_mark() if loading succeeded.

Fixes: #23558
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
---
 crypto/comp/c_zlib.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/crypto/comp/c_zlib.c b/crypto/comp/c_zlib.c
index 0fbab8f014fe5..f57c0411f4397 100644
--- a/crypto/comp/c_zlib.c
+++ b/crypto/comp/c_zlib.c
@@ -282,6 +282,7 @@ DEFINE_RUN_ONCE_STATIC(ossl_comp_zlib_init)
 #   endif
 #  endif
 
+    ERR_set_mark();
     zlib_dso = DSO_load(NULL, LIBZ, NULL, 0);
     if (zlib_dso != NULL) {
         p_compress = (compress_ft) DSO_bind_func(zlib_dso, "compress");
@@ -299,9 +300,11 @@ DEFINE_RUN_ONCE_STATIC(ossl_comp_zlib_init)
                 || p_deflateEnd == NULL || p_deflate == NULL
                 || p_deflateInit_ == NULL || p_zError == NULL) {
             ossl_comp_zlib_cleanup();
+            ERR_pop_to_mark();
             return 0;
         }
     }
+    ERR_clear_last_mark();
 # endif
     return 1;
 }