ssl/ech/ech_internal.c: avoid memory leak in ossl_ech_get_retry_configs()
authorEugene Syromiatnikov <esyr@openssl.org>
Mon, 23 Feb 2026 04:09:06 +0000 (05:09 +0100)
committerTomas Mraz <tomas@openssl.org>
Wed, 25 Feb 2026 11:10:24 +0000 (12:10 +0100)
Free the temporarily allocated memory before returning on failed size
overflow check.

Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1681458
Fixes: 0bdae603e82f "ossl_ech_get_retry_configs(): Check for integer overflow"
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Feb 25 11:10:43 2026
(Merged from https://github.com/openssl/openssl/pull/30139)

ssl/ech/ech_internal.c

index 967b6d403c951cd62b88861d454a9b9ce9e028df..68dd1d1fb6f56ce3bd6c26197d45665a9e13f0f0 100644 (file)
@@ -254,7 +254,7 @@ int ossl_ech_get_retry_configs(SSL_CONNECTION *s, unsigned char **rcfgs,
         ee = sk_OSSL_ECHSTORE_ENTRY_value(es->entries, i);
         if (ee != NULL && ee->for_retry == OSSL_ECH_FOR_RETRY) {
             if (ee->encoded_len > SIZE_MAX - retslen)
-                return 0;
+                goto err;
             tmp = (unsigned char *)OPENSSL_realloc(rets,
                 retslen + ee->encoded_len);
             if (tmp == NULL)
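Review bot: The guard `if (ee->encoded_len > SIZE_MAX - retslen)` is the only thing that stops `retslen + ee->encoded_len` from wrapping before it is passed to `OPENSSL_realloc`, yet nothing in the hunk says so. A one-line comment above it, such as `/* reject before the sum can wrap; rets is released at err */`, would explain both the check and the new `goto err`. Once `rets` may be non-NULL, every exit from inside this loop has to go through `err`, so the branch under `if (tmp == NULL)`, whose body lies outside the hunk, is worth confirming against the same rule. The `err` label is also outside the hunk, so this assumes it frees `rets`, as the commit message implies.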