apps/cmp.c: fix leak of out_trusted in setup_verification_ctx()

setup_verification_ctx() allocates out_trusted via load_trusted() and passes
it to OSSL_CMP_CTX_set_certConf_cb_arg(). Since the argument is not consumed,
it must be freed on failure. The fix is to free out_trusted if
OSSL_CMP_CTX_set_certConf_cb_arg() fails.

Fixes #30377

Signed-off-by: huanghuihui0904 <625173@qq.com>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
MergeDate: Tue Mar 24 17:34:49 2026
(Merged from https://github.com/openssl/openssl/pull/30392)

(cherry picked from commit 6f01df42cd0fff76dc789e50f5f86addd6103192)

diff --git a/apps/cmp.c b/apps/cmp.c
index c716c86e58d0c9fe2bd1551d4682ed6bda216fad..c28627b216998daa1566255770cef665f14b08eb 100644 (file)
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -1425,7 +1425,10 @@ static int setup_verification_ctx(OSSL_CMP_CTX *ctx)
         out_vpm = X509_STORE_get0_param(out_trusted);
         X509_VERIFY_PARAM_clear_flags(out_vpm, X509_V_FLAG_USE_CHECK_TIME);
 
-        (void)OSSL_CMP_CTX_set_certConf_cb_arg(ctx, out_trusted);
+        if (!OSSL_CMP_CTX_set_certConf_cb_arg(ctx, out_trusted)) {
+            X509_STORE_free(out_trusted);
+            return 0;
+        }
     }
 
     if (opt_disable_confirm)