From 17ddad9b68e1a9b5f289cab64799f57f7a72f2be Mon Sep 17 00:00:00 2001
From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date: Thu, 15 Feb 2024 18:03:12 +0100
Subject: [PATCH] Zstd: Don't leave errors behind if loading library failed.

If zstd support is dynamic then it is loaded at runtime and may fail
if the library is not available. The library can be loaded even if the
user did not ask for it, for instance via SSL_CTX_new_ex() ->
ossl_comp_has_alg().
Leaving an error record can have other side effects if the user is
poping the stack and notices and aborts due it.

Use ERR_set_mark()/ ERR_pop_to_mark() to avoid leaving marks if library
loading failed. Use ERR_clear_last_mark() if loading succeeded.

Fixes: #23558
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
---
 crypto/comp/c_zstd.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/crypto/comp/c_zstd.c b/crypto/comp/c_zstd.c
index b4667649f3ce0..99175c87040c9 100644
--- a/crypto/comp/c_zstd.c
+++ b/crypto/comp/c_zstd.c
@@ -367,6 +367,7 @@ DEFINE_RUN_ONCE_STATIC(ossl_comp_zstd_init)
 #   define LIBZSTD  "zstd"
 #  endif
 
+    ERR_set_mark();
     zstd_dso = DSO_load(NULL, LIBZSTD, NULL, 0);
     if (zstd_dso != NULL) {
         p_createCStream = (createCStream_ft)DSO_bind_func(zstd_dso, "ZSTD_createCStream");
@@ -394,8 +395,10 @@ DEFINE_RUN_ONCE_STATIC(ossl_comp_zstd_init)
             || p_isError == NULL || p_getErrorName == NULL || p_DStreamInSize == NULL
             || p_CStreamInSize == NULL) {
         ossl_comp_zstd_cleanup();
+        ERR_pop_to_mark();
         return 0;
     }
+    ERR_clear_last_mark();
 # endif
     return 1;
 }