apps/s_server.c: call OPENSSL_DIR_end after directory traversal in ech_load_dir

While it is not documented, OPENSSL_DIR_end() is to be called at the end
of directory traversal to free the context and avoid leaking memory.

Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1681464
Fixes: a2e5848d9d11 "s_client and s_server options for ECH"
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Feb 25 11:10:39 2026
(Merged from https://github.com/openssl/openssl/pull/30139)

diff --git a/apps/s_server.c b/apps/s_server.c
index 07717e75377709264402cd2f3688b5126651517e..903e436e2377f84e9f5e3368bccec85621ffcf39 100644 (file)
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1623,6 +1623,8 @@ static int ech_load_dir(SSL_CTX *lctx, const char *thedir,
             BIO_printf(bio_s_out, "Added ECH key pair from: %s\n", thisfile);
         loaded++;
     }
+    OPENSSL_DIR_end(&d);
+
     if (SSL_CTX_set1_echstore(lctx, es) != 1) {
         BIO_puts(bio_err, "ECH: Internal error\n");
         goto end;