Free allocated tmpenc in case of subsequent PACKET_copy_bytes() failure.
Reolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=
1681456
Fixes: 6c3edd4f3a8a "Add server-side handling of Encrypted Client Hello"
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Feb 25 11:10:49 2026
(Merged from https://github.com/openssl/openssl/pull/30139)
if (tmpenc == NULL)
goto err;
if (!PACKET_copy_bytes(pkt, tmpenc, pval_tmp)) {
+ OPENSSL_free(tmpenc);
SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION);
goto err;
}