Fix potential memory leak in save_statusInfo()

If sk_ASN1_UTF8STRING_push() fails then the duplicated string will leak
memory. Add a ASN1_UTF8STRING_free() to fix this.

CLA: trivial

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25604)

(cherry picked from commit 0a2a8d970f408af595fd699b2675ba45a26c169b)

diff --git a/crypto/cmp/cmp_client.c b/crypto/cmp/cmp_client.c
index a6b641521a6aa87f1fbed05226425a4b999e93bc..f3fa625cde5f5f4cf61a3e10f6d264a765b2a159 100644 (file)
--- a/crypto/cmp/cmp_client.c
+++ b/crypto/cmp/cmp_client.c
@@ -107,9 +107,12 @@ static int save_statusInfo(OSSL_CMP_CTX *ctx, OSSL_CMP_PKISI *si)
     ss = si->statusString; /* may be NULL */
     for (i = 0; i < sk_ASN1_UTF8STRING_num(ss); i++) {
         ASN1_UTF8STRING *str = sk_ASN1_UTF8STRING_value(ss, i);
+        ASN1_UTF8STRING *dup = ASN1_STRING_dup(str);
 
-        if (!sk_ASN1_UTF8STRING_push(ctx->statusString, ASN1_STRING_dup(str)))
+        if (dup == NULL || !sk_ASN1_UTF8STRING_push(ctx->statusString, dup)) {
+            ASN1_UTF8STRING_free(dup);
             return 0;
+        }
     }
     return 1;
 }