From: Eugene Syromiatnikov <esyr@openssl.org>
Date: Mon, 23 Feb 2026 04:33:55 +0000 (+0100)
Subject: ssl/ech/ech_internal.c: avoid memory leak on ech_decode_inbound_ech() error path
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3a0a16fa2786cc6498039647824ead57b1d809da;p=thirdparty%2Fopenssl.git

ssl/ech/ech_internal.c: avoid memory leak on ech_decode_inbound_ech() error path

Free allocated tmpenc in case of subsequent PACKET_copy_bytes() failure.

Reolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1681456
Fixes: 6c3edd4f3a8a "Add server-side handling of Encrypted Client Hello"
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Feb 25 11:10:49 2026
(Merged from https://github.com/openssl/openssl/pull/30139)
---

diff --git a/ssl/ech/ech_internal.c b/ssl/ech/ech_internal.c
index cb9b846e3f..ca6eaa8c8c 100644
--- a/ssl/ech/ech_internal.c
+++ b/ssl/ech/ech_internal.c
@@ -1331,6 +1331,7 @@ static int ech_decode_inbound_ech(SSL_CONNECTION *s, PACKET *pkt,
         if (tmpenc == NULL)
             goto err;
         if (!PACKET_copy_bytes(pkt, tmpenc, pval_tmp)) {
+            OPENSSL_free(tmpenc);
             SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION);
             goto err;
         }