slh_dsa: fix leak in early return of slh_sign_internal()

In slh_sign_internal(), if calling PACKET_buf_init() failed, this
function return without free wpkt. Replace `return 0` with `goto err`
to free wpkt before return.

CLA: trivial
Signed-off-by: Lidong Yan <502024330056@smail.nju.edu.cn>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29041)

diff --git a/crypto/slh_dsa/slh_dsa.c b/crypto/slh_dsa/slh_dsa.c
index 7ee465447dd9858e4c53a305ce23a61e19b6d26a..6c7b913d2fc8b7e20fbaf5fc84a327dd6e1fc32a 100644 (file)
--- a/crypto/slh_dsa/slh_dsa.c
+++ b/crypto/slh_dsa/slh_dsa.c
@@ -83,7 +83,7 @@ static int slh_sign_internal(SLH_DSA_HASH_CTX *hctx,
     if (!WPACKET_init_static_len(wpkt, sig, sig_len_expected, 0))
         return 0;
     if (!PACKET_buf_init(rpkt, m_digest, params->m))
-        return 0;
+        goto err;
 
     pk_seed = SLH_DSA_PK_SEED(priv);
     sk_seed = SLH_DSA_SK_SEED(priv);