ssl/quic/quic_port.c: fix leak in port_make_channel()

Free pre-existing ch->qlog_title before OPENSSL_strdup to avoid
leaking the value allocated in ossl_quic_channel_alloc(). Use
ossl_quic_channel_free() on strdup failure to ensure proper cleanup.

Solves https://github.com/openssl/openssl/issues/30440

Fixes #30440

Signed-off-by: huanghuihui0904 <625173@qq.com>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
MergeDate: Mon Apr 27 07:21:11 2026
(Merged from https://github.com/openssl/openssl/pull/30441)

diff --git a/ssl/quic/quic_port.c b/ssl/quic/quic_port.c
index e9af8b21b21f8495541050e085e682ea1e2bb9c5..d4f40a95618eb97d1d231dc006f75360be566062 100644 (file)
--- a/ssl/quic/quic_port.c
+++ b/ssl/quic/quic_port.c
@@ -610,8 +610,9 @@ static QUIC_CHANNEL *port_make_channel(QUIC_PORT *port, SSL *tls, OSSL_QRX *qrx,
      */
     ch->use_qlog = 1;
     if (ch->tls != NULL && ch->tls->ctx->qlog_title != NULL) {
+        OPENSSL_free(ch->qlog_title);
         if ((ch->qlog_title = OPENSSL_strdup(ch->tls->ctx->qlog_title)) == NULL) {
-            OPENSSL_free(ch);
+            ossl_quic_channel_free(ch);
             return NULL;
         }
     }