Fix a memory leak reported in CIFuzz

Direct leak of 4 byte(s) in 1 object(s) allocated from:
     #0 0x4a067d in __interceptor_malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:129:3
     #1 0x57af0d in CRYPTO_malloc /src/openssl/crypto/mem.c:184:12
     #2 0x57af0d in CRYPTO_realloc /src/openssl/crypto/mem.c:207:16
     #3 0x569d17 in BUF_MEM_grow /src/openssl/crypto/buffer/buffer.c:97:15
     #4 0x5c3629 in str_copy /src/openssl/crypto/conf/conf_def.c:642:10
     #5 0x5c1cc1 in def_load_bio /src/openssl/crypto/conf/conf_def.c:452:22
     #6 0x56adf5 in NCONF_load_bio /src/openssl/crypto/conf/conf_lib.c:282:12
     #7 0x4d96cf in FuzzerTestOneInput /src/openssl/fuzz/conf.c:38:5
     #8 0x4d9830 in LLVMFuzzerTestOneInput /src/openssl/fuzz/driver.c:28:12
     #9 0x510c23 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) cxa_noexception.cpp
     #10 0x4fc4d2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
     #11 0x501f85 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) cxa_noexception.cpp
     #12 0x52ac82 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16813)

diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c
index 7b67854c8b702ecb5310e86b4ed086b2824b70ec..1832cf535f88cd4b6d2cc08179b8794d1cb3c4ca 100644 (file)
--- a/crypto/conf/conf_def.c
+++ b/crypto/conf/conf_def.c
@@ -474,6 +474,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
                 if (conf->flag_abspath
                         && !ossl_is_absolute_path(include_path)) {
                     ERR_raise(ERR_LIB_CONF, CONF_R_RELATIVE_PATH);
+                    OPENSSL_free(include_path);
                     goto err;
                 }