git.ipfire.org Git - thirdparty/openssl.git/commit
crypto/x509/pcy_tree.c: fix leak of tree in X509_policy_check()
author huanghuihui0904 <625173@qq.com>
Mon, 16 Mar 2026 03:05:36 +0000 (11:05 +0800)
committer Tomas Mraz <tomas@openssl.foundation>
Fri, 3 Apr 2026 15:04:16 +0000 (17:04 +0200)
commit 99cde10ca9b5a7273227b62035bcc163e26593a9
tree 629ad9b49aa8675799f7043a839f589c4d3f2657
parent 1b06f74e7398a088e448fbe7f3df8d18e41430ef
crypto/x509/pcy_tree.c: fix leak of tree in X509_policy_check()

When init_ret indicates both X509_PCY_TREE_EXPLICIT and X509_PCY_TREE_EMPTY,
the function returns without freeing the initialized policy tree.
Free the tree before returning, consistent with the earlier TREE_EMPTY branch.

Also defer *ptree = tree assignment and free the tree when user policies
are empty to avoid returning invalid memory.

Fixes #30435

Signed-off-by: huanghuihui0904 <625173@qq.com>
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
MergeDate: Fri Apr  3 15:03:37 2026
(Merged from https://github.com/openssl/openssl/pull/30436)

(cherry picked from commit c3d24d9121ef12d8b1f2615e7655e07b5a624358)
crypto/x509/pcy_tree.c
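
A simplified model of the first leak the commit message describes, added here as an illustration; it is not OpenSSL's code. `toy_tree`, `toy_init`, `check_leaky`, `check_fixed` and `trees_leaked` are hypothetical names and the flag values are constructed; only the two flag names come from the page.

```c
#include <stdlib.h>

/* Flag names come from the commit message; the values are constructed for this model. */
#define X509_PCY_TREE_EMPTY    2
#define X509_PCY_TREE_EXPLICIT 4
#define BOTH (X509_PCY_TREE_EXPLICIT | X509_PCY_TREE_EMPTY)

typedef struct { int levels; } toy_tree;  /* hypothetical stand-in for the policy tree */
static int live_trees;                     /* trees allocated and not yet freed */
static void toy_tree_free(toy_tree *t) { if (t != NULL) { live_trees--; free(t); } }

/* Hypothetical init step: builds a tree and reports the caller-chosen flags. */
static int toy_init(toy_tree **out, int flags) {
    if ((*out = calloc(1, sizeof(**out))) == NULL) return 0;
    live_trees++;
    return flags;
}

/* Before: the EXPLICIT|EMPTY return drops the only pointer to the tree. */
static int check_leaky(toy_tree **ptree, int flags) {
    toy_tree *tree = NULL;
    int init_ret = toy_init(&tree, flags);
    *ptree = NULL;
    if (init_ret <= 0) return init_ret;
    if ((init_ret & BOTH) == BOTH) return -1;   /* tree stays allocated, unreachable */
    *ptree = tree;
    return 1;
}

/* After: free on the rejecting path; hand the tree out only after every early return. */
static int check_fixed(toy_tree **ptree, int flags) {
    toy_tree *tree = NULL;
    int init_ret = toy_init(&tree, flags);
    *ptree = NULL;
    if (init_ret <= 0) return init_ret;
    if ((init_ret & BOTH) == BOTH) { toy_tree_free(tree); return -1; }
    *ptree = tree;                              /* ownership passes to the caller here */
    return 1;
}

/* Runs one checker as a caller would and returns how many trees it leaked. */
static int trees_leaked(int (*fn)(toy_tree **, int), int flags) {
    int before = live_trees;
    toy_tree *t = NULL;
    fn(&t, flags);
    toy_tree_free(t);                           /* caller releases whatever it was given */
    return live_trees - before;
}
int main(void) { return (trees_leaked(check_leaky, BOTH) == 1 && trees_leaked(check_fixed, BOTH) == 0) ? 0 : 1; }
```

Building the real library with a leak checker such as AddressSanitizer's LeakSanitizer and exercising the same flag combination is the equivalent check against the actual code.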